Re: Orphaned users in PG16 and above can only be managed by Superusers
Robert Haas <robertmhaas@gmail.com>
From: Robert Haas <robertmhaas@gmail.com>
To: Andres Freund <andres@anarazel.de>
Cc: Tomas Vondra <tomas@vondra.me>, Ashutosh Sharma <ashu.coek88@gmail.com>, pgsql-hackers <pgsql-hackers@postgresql.org>
Date: 2025-01-23T21:06:15Z
Lists: pgsql-hackers
On Thu, Jan 23, 2025 at 3:51 PM Andres Freund <andres@anarazel.de> wrote: > I wonder if it's a mistake that a role membership that has WITH ADMIN on > another role is silently removed if the member role is removed. We e.g. do > *not* do that for pg_auth_members.grantor: > > ERROR: 2BP01: role "r1" cannot be dropped because some objects depend on it > DETAIL: privileges for membership of role r2 in role r3 Yeah, I'm not sure about this either, but this is the kind of thing I was thinking about when I replied before, saying that maybe dropping role B shouldn't just succeed. Maybe dropping a role that doesn't have privileges to administer any other role should be different than dropping one that does. -- Robert Haas EDB: http://www.enterprisedb.com