Re: pg_auth_members.grantor is bunk
Robert Haas <robertmhaas@gmail.com>
From: Robert Haas <robertmhaas@gmail.com>
To: Tom Lane <tgl@sss.pgh.pa.us>
Cc: Jacob Champion <jchampion@timescale.com>,
Stephen Frost <sfrost@snowman.net>, "David G. Johnston" <david.g.johnston@gmail.com>,
Mark Dilger <mark.dilger@enterprisedb.com>, Andrew Dunstan <andrew@dunslane.net>,
PostgreSQL-development <pgsql-hackers@postgresql.org>
Date: 2022-08-01T19:51:03Z
Lists: pgsql-hackers
Attachments
- v4-0002-Make-role-grant-system-more-consistent-with-other.patch (application/octet-stream) patch v4-0002
- v4-0001-Ensure-that-pg_auth_members.grantor-is-always-val.patch (application/octet-stream) patch v4-0001
On Mon, Aug 1, 2022 at 1:38 PM Tom Lane <tgl@sss.pgh.pa.us> wrote: >> I think the latter --- the cfbot thinks the July CF is no longer relevant, > but Jacob hasn't yet moved your patches forward. You could wait for > him to do that, or do it yourself. Done. New patches attached. Changes in v4, for 0001: - Typo fix. - Whitespace fixes. Changes in v4, for 0002: - Remove "XXX sketchy" comment because the thing in question turns out not to be sketchy. It has to do with the behavior of ALTER GROUP .. DROP USER and, having investigated the situation, I think the messaging is clear enough. - But just to be sure, add a note to the ALTER GROUP documentation to try to make things more clear. - Wording fixes to the "If <literal>GRANTED BY</literal> is specified..." paragraph of the GRANT documentation. I reworded this a bit more extensively than what Stephen proposed. Hopefully this is clearer now, or at least no longer missing any words. - Change message to "admin option cannot be granted back to your own grantor". The choice of message is intended to be consistent with the existing message "grant options cannot be granted back to your own grantor," but while there's one grant option per privilege, there's only one admin option. Stephen suggested adopting a message that I had meant to take out of the version I posted, but which ended up surviving in one place, "grants with admin options cannot be circular". And we could still decide to do something like that, but my enthusiasm for that direction was considerably reduced when I realized that "circular" is not very clear at all, because there are multiple kinds of circularities (role-member, member-grantor). - Fix comment to say DROP_RESTRICT instead of DROP_RECURSE. - Make the comment for check_role_grantor() longer so that it can better explain itself. - Rephrase part of the header comment for initialize_revoke_actions() because Stephen found it awkward. - Whitespace fixes. -- Robert Haas EDB: http://www.enterprisedb.com
Commits
-
Make role grant system more consistent with other privileges.
- ce6b672e4455 16.0 landed
-
Ensure that pg_auth_members.grantor is always valid.
- 6566133c5f52 16.0 landed
-
Remove the ability of a role to administer itself.
- 79de9842ab03 15.0 landed
-
Add tests of the CREATEROLE attribute
- e9d4001ec592 15.0 landed
-
Replace explicit PIN entries in pg_depend with an OID range test.
- a49d08123599 15.0 cited
-
Shore up ADMIN OPTION restrictions.
- fea164a72a7b 9.4.0 cited
-
Add pg_has_role() family of privilege inquiry functions modeled after the
- f9fd1764615e 8.1.0 cited
-
Align GRANT/REVOKE behavior more closely with the SQL spec, per discussion
- 4b2dafcc0b1a 8.0.0 cited