Re: CREATEROLE and role ownership hierarchies

Robert Haas <robertmhaas@gmail.com>

From: Robert Haas <robertmhaas@gmail.com>
To: Greg Stark <stark@mit.edu>
Cc: Mark Dilger <mark.dilger@enterprisedb.com>, Stephen Frost <sfrost@snowman.net>, Andrew Dunstan <andrew@dunslane.net>, "Bossart, Nathan" <bossartn@amazon.com>, Jeff Davis <pgsql@j-davis.com>, Joshua Brindle <joshua.brindle@crunchydata.com>, PostgreSQL-development <pgsql-hackers@postgresql.org>, Shinya Kato <Shinya11.Kato@oss.nttdata.com>
Date: 2022-04-01T14:56:35Z
Lists: pgsql-hackers
On Fri, Apr 1, 2022 at 10:46 AM Greg Stark <stark@mit.edu> wrote:
> The cfbot is testing the last patch posted to this thread which is the
> remove-self-own patch which was already committed. I gather that
> there's still (at least one) patch under discussion.
>
> Could I suggest reposting the last version of the main patch, perhaps
> rebasing it. That way the cfbot would at least continue to test for
> conflicts.

We should move this patch to the next CF or maybe even mark it
returned with feedback. We're not going to get anything else done here
for v15, and I'm not sure whether what we do beyond that will take
this form or not.

-- 
Robert Haas
EDB: http://www.enterprisedb.com



Commits

  1. Make role grant system more consistent with other privileges.

  2. Ensure that pg_auth_members.grantor is always valid.

  3. Remove the ability of a role to administer itself.

  4. Add tests of the CREATEROLE attribute

  5. Replace explicit PIN entries in pg_depend with an OID range test.

  6. Shore up ADMIN OPTION restrictions.

  7. Add pg_has_role() family of privilege inquiry functions modeled after the

  8. Align GRANT/REVOKE behavior more closely with the SQL spec, per discussion