Re: fixing CREATEROLE
Wolfgang Walther <walther@technowledgy.de>
From: walther@technowledgy.de
To: Tom Lane <tgl@sss.pgh.pa.us>
Cc: Robert Haas <robertmhaas@gmail.com>,
"pgsql-hackers@postgresql.org" <pgsql-hackers@postgresql.org>
Date: 2022-11-22T16:11:11Z
Lists: pgsql-hackers
Wolfgang Walther: > Tom Lane: >> No, we don't support partial indexes on catalogs, and I don't think >> we want to change that. Partial indexes would require expression >> evaluations occurring at very inopportune times. > > I see. Is that the same for indexes *on* an expression? Or would those > be ok? > > With a custom operator, an EXCLUDE constraint on the ROW(reldatabase, > relname) expression could work. The operator would compare: > - (0, name1) and (0, name2) as name1 == name2 > - (db1, name1) and (0, name2) as name1 == name2 > - (0, name1) and (db2, name2) as name1 == name2 > - (db1, name1) and (db2, name2) as db1 == db2 && name1 == name2 > > or just (db1 == 0 || db2 == 0 || db1 == db2) && name1 == name2. Does it even need to be on the expression? I don't think so. It would be enough to just make it compare relname WITH = and reldatabase WITH the custom operator (db1 == 0 || db2 == 0 || db1 == db2), right? Best, Wolfgang
Commits
-
Add new GUC createrole_self_grant.
- e5b8a4c098ad 16.0 landed
-
Restrict the privileges of CREATEROLE users.
- cf5eb37c5ee0 16.0 landed
-
Pass down current user ID to AddRoleMems and DelRoleMems.
- 39cffe95f2c5 16.0 landed
-
Refactor permissions-checking for role grants.
- 25bb03166b16 16.0 landed
-
Improve documentation of the CREATEROLE attibute.
- 0b496bc9881f 11.19 landed
- 1a5ff7be2696 12.14 landed
- 5dac191edf18 13.10 landed
- 1c77873727df 16.0 landed
- 5136c3fb575b 14.7 landed
- aa26980ca081 15.2 landed
-
Make role grant system more consistent with other privileges.
- ce6b672e4455 16.0 cited