Re: Orphaned users in PG16 and above can only be managed by Superusers
Ashutosh Sharma <ashu.coek88@gmail.com>
From: Ashutosh Sharma <ashu.coek88@gmail.com>
To: Nathan Bossart <nathandbossart@gmail.com>
Cc: Robert Haas <robertmhaas@gmail.com>, Andrew Dunstan <andrew@dunslane.net>, Andres Freund <andres@anarazel.de>, Tomas Vondra <tomas@vondra.me>, pgsql-hackers <pgsql-hackers@postgresql.org>
Date: 2025-03-10T05:45:04Z
Lists: pgsql-hackers
Hi, On Fri, Mar 7, 2025 at 10:55 PM Nathan Bossart <nathandbossart@gmail.com> wrote: > > I noticed that much of this code is lifted from DropRole(), and the new > check_drop_role_dependency() function is only used by DropRole() right > before it does the exact same scans. Couldn't we put the new dependency > detection in those existing scans in DropRole()? > It can be done, but mixing the code that checks for the drop role dependency with the code that removes entries for the role being dropped from pg_auth_members could reduce clarity and precision. This is more of a sanity check which I felt was necessary before we proceed with actually dropping the role, starting with the deletion of drop role entries from the system catalogs. I’m aware there’s some code duplication, but I think it should be fine. -- With Regards, Ashutosh Sharma.