Re: [PATCH v2] use has_privs_for_role for predefined roles

Tom Lane <tgl@sss.pgh.pa.us>

From: Tom Lane <tgl@sss.pgh.pa.us>
To: Joe Conway <mail@joeconway.com>
Cc: Joshua Brindle <joshua.brindle@crunchydata.com>, "Bossart, Nathan" <bossartn@amazon.com>, Stephen Frost <sfrost@snowman.net>, Robert Haas <robertmhaas@gmail.com>, PostgreSQL-development <pgsql-hackers@postgresql.org>
Date: 2022-02-06T17:24:50Z
Lists: pgsql-hackers
Joe Conway <mail@joeconway.com> writes:
> I'd like to pick this patch up and see it through to commit/push. 
> Presumably that will include back-patching to all supported pg versions.
> Before I go through the effort to back-patch, does anyone want to argue 
> that this should *not* be back-patched?

Hm, I'm -0.5 or so.  I think changing security-related behaviors
in a stable branch is a hard sell unless you are closing a security
hole.  This is a fine improvement for HEAD but I'm inclined to
leave the back branches alone.

			regards, tom lane



Commits

Same data as JSON: GET /api/v1/messages/:b64id/commits the thread's linked commits as JSON, with link sources. API reference →
  1. Fix a bug in roles_is_member_of.

  2. docs: Fix up some out-of-date references to INHERIT/NOINHERIT.

  3. Allow grant-level control of role inheritance behavior.

  4. Make role grant system more consistent with other privileges.

  5. Document basebackup_to_shell.required_role.