Disregard superuserness when checking to see if a role GRANT would
Tom Lane <tgl@sss.pgh.pa.us>
Disregard superuserness when checking to see if a role GRANT would create circularity of role memberships. This is a minimum-impact fix for the problem reported by Florian Pflug. I thought about removing the superuser_arg test from is_member_of_role() altogether, as it seems redundant for many of the callers --- but not all, and it's way too late in the 8.1 cycle to be making large changes. Perhaps reconsider this later.
Files
| Path | Change | +/− |
|---|---|---|
| src/backend/commands/user.c | modified | +4 −3 |
| src/backend/utils/adt/acl.c | modified | +21 −1 |
| src/include/utils/acl.h | modified | +2 −1 |