Re: fixing CREATEROLE
Wolfgang Walther <walther@technowledgy.de>
From: walther@technowledgy.de
To: "David G. Johnston" <david.g.johnston@gmail.com>
Cc: Robert Haas <robertmhaas@gmail.com>, Tom Lane <tgl@sss.pgh.pa.us>,
Mark Dilger <mark.dilger@enterprisedb.com>,
"pgsql-hackers@postgresql.org" <pgsql-hackers@postgresql.org>
Date: 2022-11-28T19:42:15Z
Lists: pgsql-hackers
David G. Johnston: > A quick tally of the thread so far: > > No Defaults needed: David J., Mark?, Tom? > Defaults needed - attached to role directly: Robert > Defaults needed - defined within Default Privileges: Walther? s/Walther/Wolfgang > The capability itself seems orthogonal to the rest of the patch to track > these details better. I think we can "Fix CREATEROLE" without any > feature regarding optional default behaviors and would suggest this > patch be so limited and that another thread be started for discussion of > (assuming a default specifying mechanism is wanted overall) how it > should look. Let's not let a usability debate distract us from fixing a > real problem. +1 I didn't argue for whether defaults are needed in this case or not. I just said that ADP is better for defaults than role attributes are. Or the other way around: I think role attributes are not a good way to express those. Personally, I'm in the No Defaults needed camp, too. Best, Wolfgang
Commits
-
Add new GUC createrole_self_grant.
- e5b8a4c098ad 16.0 landed
-
Restrict the privileges of CREATEROLE users.
- cf5eb37c5ee0 16.0 landed
-
Pass down current user ID to AddRoleMems and DelRoleMems.
- 39cffe95f2c5 16.0 landed
-
Refactor permissions-checking for role grants.
- 25bb03166b16 16.0 landed
-
Improve documentation of the CREATEROLE attibute.
- 0b496bc9881f 11.19 landed
- 1a5ff7be2696 12.14 landed
- 5dac191edf18 13.10 landed
- 1c77873727df 16.0 landed
- 5136c3fb575b 14.7 landed
- aa26980ca081 15.2 landed
-
Make role grant system more consistent with other privileges.
- ce6b672e4455 16.0 cited