Re: fixing CREATEROLE
Robert Haas <robertmhaas@gmail.com>
From: Robert Haas <robertmhaas@gmail.com>
To: Alvaro Herrera <alvherre@alvh.no-ip.org>
Cc: "David G. Johnston" <david.g.johnston@gmail.com>,
Mark Dilger <mark.dilger@enterprisedb.com>, walther@technowledgy.de, Tom Lane <tgl@sss.pgh.pa.us>, "pgsql-hackers@postgresql.org" <pgsql-hackers@postgresql.org>
Date: 2023-01-03T20:11:47Z
Lists: pgsql-hackers
Attachments
- v3-0001-Refactor-permissions-checking-for-role-grants.patch (application/octet-stream) patch v3-0001
- v3-0004-Add-new-GUC-createrole_self_grant.patch (application/octet-stream) patch v3-0004
- v3-0002-Pass-down-current-user-ID-to-AddRoleMems-and-DelR.patch (application/octet-stream) patch v3-0002
- v3-0003-Restrict-the-privileges-of-CREATEROLE-users.patch (application/octet-stream) patch v3-0003
On Fri, Dec 23, 2022 at 4:55 PM Robert Haas <robertmhaas@gmail.com> wrote: > On Thu, Dec 22, 2022 at 9:14 AM Alvaro Herrera <alvherre@alvh.no-ip.org> wrote: > > The contents looks good to me other than that problem, and I agree to > > backpatch it. > > Cool. Thanks for the review. > > > Why did you choose to use two dots for ellipses in some command > > <literal>s rather than three? I know I've made that choice too on > > occassion, but there aren't many such cases and maybe we should put a > > stop to it (or a period) before it spreads too much. > > Honestly, I wasn't aware that we had some other convention for it. Committed and back-patched 0001 with fixes for the issues that you pointed out. Here's a trivial rebase of the rest of the patch set. -- Robert Haas EDB: http://www.enterprisedb.com
Commits
-
Add new GUC createrole_self_grant.
- e5b8a4c098ad 16.0 landed
-
Restrict the privileges of CREATEROLE users.
- cf5eb37c5ee0 16.0 landed
-
Pass down current user ID to AddRoleMems and DelRoleMems.
- 39cffe95f2c5 16.0 landed
-
Refactor permissions-checking for role grants.
- 25bb03166b16 16.0 landed
-
Improve documentation of the CREATEROLE attibute.
- 0b496bc9881f 11.19 landed
- 1a5ff7be2696 12.14 landed
- 5dac191edf18 13.10 landed
- 1c77873727df 16.0 landed
- 5136c3fb575b 14.7 landed
- aa26980ca081 15.2 landed
-
Make role grant system more consistent with other privileges.
- ce6b672e4455 16.0 cited