Re: replacing role-level NOINHERIT with a grant-level option
Robert Haas <robertmhaas@gmail.com>
From: Robert Haas <robertmhaas@gmail.com>
To: Tom Lane <tgl@sss.pgh.pa.us>
Cc: Joe Conway <mail@joeconway.com>, "Bossart, Nathan" <bossartn@amazon.com>, Stephen Frost <sfrost@snowman.net>,
PostgreSQL-development <pgsql-hackers@postgresql.org>
Date: 2022-06-02T18:06:00Z
Lists: pgsql-hackers
On Thu, Jun 2, 2022 at 1:17 PM Tom Lane <tgl@sss.pgh.pa.us> wrote: > Point 2 would cause every existing pg_dumpall script to fail, which > seems like kind of a large gotcha. Less unpleasant alternatives > could include > > * Continue to accept the syntax, but ignore it, maybe with a WARNING > for the alternative that doesn't correspond to the new behavior. > > * Keep pg_authid.rolinherit, and have it act as supplying the default > behavior for subsequent GRANTs to that role. Of those two alternatives, I would certainly prefer the first, because the second doesn't actually get rid of the ugly wart. It just adds a non-ugly thing that we have to maintain along with the ugly thing, apparently in perpetuity. If we do the first of these, we can probably remove the obsolete syntax at some point in the distant future, and in the meantime, we don't have to figure out how it's supposed to interact with existing features or new ones, since the actual feature is already removed. -- Robert Haas EDB: http://www.enterprisedb.com
Commits
Same data as JSON:
GET /api/v1/messages/:b64id/commits
the thread's linked commits as JSON, with link sources.
API reference →
-
Fix a bug in roles_is_member_of.
- 0101f770a05b 16.0 landed
-
docs: Fix up some out-of-date references to INHERIT/NOINHERIT.
- 620ac285483f 16.0 landed
-
Allow grant-level control of role inheritance behavior.
- e3ce2de09d81 16.0 landed
-
Make role grant system more consistent with other privileges.
- ce6b672e4455 16.0 cited
-
Document basebackup_to_shell.required_role.
- 26a0c025e233 15.0 landed