Re: CREATEROLE and role ownership hierarchies
Mark Dilger <mark.dilger@enterprisedb.com>
From: Mark Dilger <mark.dilger@enterprisedb.com>
To: Joshua Brindle <joshua.brindle@crunchydata.com>
Cc: Andrew Dunstan <andrew@dunslane.net>,
Shinya Kato <Shinya11.Kato@oss.nttdata.com>,
"Bossart, Nathan" <bossartn@amazon.com>,
PostgreSQL-development <pgsql-hackers@postgresql.org>,
Jeff Davis <pgsql@j-davis.com>
Date: 2022-01-06T00:05:41Z
Lists: pgsql-hackers
Attachments
- v4-0001-Add-tests-of-the-CREATEROLE-attribute.patch (application/octet-stream) patch v4-0001
- v4-0002-Add-owners-to-roles.patch (application/octet-stream) patch v4-0002
- v4-0003-Give-role-owners-control-over-owned-roles.patch (application/octet-stream) patch v4-0003
- v4-0004-Restrict-power-granted-via-CREATEROLE.patch (application/octet-stream) patch v4-0004
- v4-0005-Remove-grantor-field-from-pg_auth_members.patch (application/octet-stream) patch v4-0005
- (unnamed) (text/plain)
> On Jan 4, 2022, at 12:47 PM, Joshua Brindle <joshua.brindle@crunchydata.com> wrote: > >> I was able to reproduce that using REASSIGN OWNED BY to cause a user to own itself. Is that how you did it, or is there yet another way to get into that state? > > I did: > ALTER ROLE brindle OWNER TO brindle; Ok, thanks. I have rebased, fixed both REASSIGN OWNED BY and ALTER ROLE .. OWNER TO cases, and added regression coverage for them. The last patch set to contain significant changes was v2, with v3 just being a rebase. Relative to those sets: 0001 -- rebased. 0002 -- rebased; extend AlterRoleOwner_internal to disallow making a role its own immediate owner. 0003 -- rebased; extend AlterRoleOwner_internal to disallow cycles in the role ownership graph. 0004 -- rebased. 0005 -- new; removes the broken pg_auth_members.grantor field.
Commits
-
Make role grant system more consistent with other privileges.
- ce6b672e4455 16.0 landed
-
Ensure that pg_auth_members.grantor is always valid.
- 6566133c5f52 16.0 landed
-
Remove the ability of a role to administer itself.
- 79de9842ab03 15.0 landed
-
Add tests of the CREATEROLE attribute
- e9d4001ec592 15.0 landed
-
Replace explicit PIN entries in pg_depend with an OID range test.
- a49d08123599 15.0 cited
-
Shore up ADMIN OPTION restrictions.
- fea164a72a7b 9.4.0 cited
-
Add pg_has_role() family of privilege inquiry functions modeled after the
- f9fd1764615e 8.1.0 cited
-
Align GRANT/REVOKE behavior more closely with the SQL spec, per discussion
- 4b2dafcc0b1a 8.0.0 cited