Re: BUG #17346: pg_upgrade fails with role granted by other role

Daniel Gustafsson <daniel@yesql.se>

From: Daniel Gustafsson <daniel@yesql.se>
To: Tom Lane <tgl@sss.pgh.pa.us>
Cc: andrewbille@gmail.com, pgsql-bugs@lists.postgresql.org
Date: 2021-12-27T16:18:33Z
Lists: pgsql-bugs

> On 27 Dec 2021, at 17:07, Tom Lane <tgl@sss.pgh.pa.us> wrote:
> 
> PG Bug reporting form <noreply@postgresql.org> writes:
>> After the commit:
> 
>> commit 371087d006e04991080bf17cf2287db38d3ea92e
>> Author: Daniel Gustafsson <dgustafsson@postgresql.org>
>> Date:   Fri Nov 26 14:02:01 2021 +0100
>>    Fix GRANTED BY support in REVOKE ROLE statements
> 
>> pg_upgrade for example from 10.19 version causes the error:
> 
> Yeah, you don't even need pg_upgrade.  Just do
> 
> regression=# CREATE ROLE user1; CREATE ROLE user2; GRANT user1 TO user2 GRANTED BY user1;
> CREATE ROLE
> CREATE ROLE
> ERROR:  grantor must be current user
> 
> A superuser, or really anyone who's a member of the user1 role,
> ought to be able to do that (especially since it used to be allowed).
> So it seems the permissions check was coded incorrectly.
> 
>            regards, tom lane

Thanks for the report, I’m OOO until late tonight but I’ll have a look when in.

cheers ./daniel


Commits

  1. Revert b2a459edf "Fix GRANTED BY support in REVOKE ROLE statements"

  2. Fix GRANTED BY support in REVOKE ROLE statements

  3. Allow GRANTED BY clause in normal GRANT and REVOKE statements