Re: pg_auth_members.grantor is bunk

Robert Haas <robertmhaas@gmail.com>

From: Robert Haas <robertmhaas@gmail.com>
To: "David G. Johnston" <david.g.johnston@gmail.com>
Cc: Stephen Frost <sfrost@snowman.net>, Tom Lane <tgl@sss.pgh.pa.us>, Mark Dilger <mark.dilger@enterprisedb.com>, Andrew Dunstan <andrew@dunslane.net>, PostgreSQL-development <pgsql-hackers@postgresql.org>
Date: 2022-07-29T12:46:06Z
Lists: pgsql-hackers
On Thu, Jul 28, 2022 at 5:17 PM David G. Johnston
<david.g.johnston@gmail.com> wrote:
> I suggest changing \du memberof to output something like this:
>
>  rolname |              memberof
> ---------+------------------------------------
>  vagrant | {}
>  r       | {q:admin/vagrant}
>  t       | {q:admin/vagrant,s:member/vagrant}
>
> (needs sorting, tried to model it after ACL - column privileges specifically)

I don't know. I agree with you that we should probably think about
changing the \du output, but I'm not sure if I like this particular
idea about how to do it. I mean, the ACL format that we use for tables
and other objects is basically an internal format which we throw at
the user, hoping they'll know how to interpret it. I don't know if
it's what we should pick when we don't have that kind of internal
format already. On the other hand, consistency is worth something, and
I'm not sure that I have a better idea.

https://commitfest.postgresql.org/38/3744/ might affect what we want
to do here, too.

> If we aren't dead set on having \du and \dg be aliases for each other I'd rather redesign \dg (or add a new meta-command) to be a group-centric view of this exact same data instead of user-centric one.  Namely it has a "members" column instead of "memberof" and have it output, one line per member:
>
> user=[admin|member]/grantor

That seems like a topic for a separate thread, but I agree that a
flipped view of this data would be more useful than using two letters
of the alphabet for exactly the same thing, especially given that
we're pretty short on unused letters.

> I don't have any meaningful insight as to breaking things with these changes but I am strongly in favor of tightening this up and formalizing it.

Cool.

-- 
Robert Haas
EDB: http://www.enterprisedb.com



Commits

  1. Make role grant system more consistent with other privileges.

  2. Ensure that pg_auth_members.grantor is always valid.

  3. Remove the ability of a role to administer itself.

  4. Add tests of the CREATEROLE attribute

  5. Replace explicit PIN entries in pg_depend with an OID range test.

  6. Shore up ADMIN OPTION restrictions.

  7. Add pg_has_role() family of privilege inquiry functions modeled after the

  8. Align GRANT/REVOKE behavior more closely with the SQL spec, per discussion