Re: allowing for control over SET ROLE

igor levshin <i.levshin@postgrespro.ru>

From: igor levshin <i.levshin@postgrespro.ru>
To: pgsql-hackers@lists.postgresql.org
Date: 2022-11-22T10:09:29Z
Lists: pgsql-hackers
идея и её реализация насчёт Параллельного чтения - как вам? Мне 
показалось, интересно и полезно. Но это, думаю, одноразовая акция. 
Времени и сил на это довольно много ухлопал, хотя вроде дело нехитрое 
:)  Стоило?

15.11.2022 20:07, Robert Haas пишет:
> Bump.
>
> Discussion has trailed off here, but I still don't see that we have a
> better way forward here than what I proposed on September 30th. Two
> people have commented. Nathan said that he wasn't sure this was best
> (neither am I) but that he didn't have a better idea either (neither
> do I). Stephen proposed decomposing ADMIN OPTION, which is not my
> preference, but even if it turns out that we want to pursue that
> approach, I do not think it would make sense to bundle that into this
> patch, because there isn't enough overlap between that change and this
> change to justify that treatment.
>
> If anyone else wants to comment, or if either of those people want to
> comment further, please speak up soon. Otherwise, I am going to press
> forward with committing this. If we do not, we will continue to have
> no way of restricting of SET ROLE, and we will continue to have no way
> of preventing the creation of objects owned by predefined roles by
> users who have been granted those roles. As far as I am aware, no one
> is opposed to those goals, and in fact I think everyone who has
> commented thinks that it would be good to do something. If a better
> idea than what I've implemented comes along, I'm happy to defer to it,
> but I think this is one of those cases in which there probably isn't
> any totally satisfying solution, and yet doing nothing is not a
> superior alternative.
>
> Thanks,
>



Commits

  1. More documentation update for GRANT ... WITH SET OPTION.

  2. Restrict the privileges of CREATEROLE users.

  3. Add support for GRANT SET in psql tab completion

  4. Add a SET option to the GRANT command.

  5. Allow grant-level control of role inheritance behavior.