Re: fixing CREATEROLE

Wolfgang Walther <walther@technowledgy.de>

From: walther@technowledgy.de
To: "David G. Johnston" <david.g.johnston@gmail.com>
Cc: Robert Haas <robertmhaas@gmail.com>, Tom Lane <tgl@sss.pgh.pa.us>, Mark Dilger <mark.dilger@enterprisedb.com>, "pgsql-hackers@postgresql.org" <pgsql-hackers@postgresql.org>
Date: 2022-11-28T19:42:15Z
Lists: pgsql-hackers
David G. Johnston:
> A quick tally of the thread so far:
> 
> No Defaults needed: David J., Mark?, Tom?
> Defaults needed - attached to role directly: Robert
> Defaults needed - defined within Default Privileges: Walther?

s/Walther/Wolfgang

> The capability itself seems orthogonal to the rest of the patch to track 
> these details better.  I think we can "Fix CREATEROLE" without any 
> feature regarding optional default behaviors and would suggest this 
> patch be so limited and that another thread be started for discussion of 
> (assuming a default specifying mechanism is wanted overall) how it 
> should look.  Let's not let a usability debate distract us from fixing a 
> real problem.

+1

I didn't argue for whether defaults are needed in this case or not. I 
just said that ADP is better for defaults than role attributes are. Or 
the other way around: I think role attributes are not a good way to 
express those.

Personally, I'm in the No Defaults needed camp, too.

Best,

Wolfgang



Commits

  1. Add new GUC createrole_self_grant.

  2. Restrict the privileges of CREATEROLE users.

  3. Pass down current user ID to AddRoleMems and DelRoleMems.

  4. Refactor permissions-checking for role grants.

  5. Improve documentation of the CREATEROLE attibute.

  6. Make role grant system more consistent with other privileges.