Re: fixing CREATEROLE

Robert Haas <robertmhaas@gmail.com>

From: Robert Haas <robertmhaas@gmail.com>
To: Tom Lane <tgl@sss.pgh.pa.us>
Cc: Alvaro Herrera <alvherre@alvh.no-ip.org>, "David G. Johnston" <david.g.johnston@gmail.com>, Mark Dilger <mark.dilger@enterprisedb.com>, walther@technowledgy.de, "pgsql-hackers@postgresql.org" <pgsql-hackers@postgresql.org>
Date: 2025-05-02T12:04:42Z
Lists: pgsql-hackers
On Thu, May 1, 2025 at 4:31 PM Tom Lane <tgl@sss.pgh.pa.us> wrote:
> In any case, I'd be happier about createrole_self_grant if it had
> been a role property bit instead of a GUC.  But we'd still need
> to worry about whether it corrupts the results of dump/restore
> (offhand I think it still would, if it results in GRANTs that
> weren't there before).

Hmm. That might have been a better design. :-(

-- 
Robert Haas
EDB: http://www.enterprisedb.com



Commits

  1. Add new GUC createrole_self_grant.

  2. Restrict the privileges of CREATEROLE users.

  3. Pass down current user ID to AddRoleMems and DelRoleMems.

  4. Refactor permissions-checking for role grants.

  5. Improve documentation of the CREATEROLE attibute.

  6. Make role grant system more consistent with other privileges.