Thread

  1. has_schema_privilege(), but taking inheritance into account

    Dominique Devienne <ddevienne@gmail.com> — 2025-10-02T12:21:51Z

    Hi.
    
    With pg_has_role(), I can use USAGE for access right now, or MEMBER
    for "possible" access after a SET ROLE. I.e. I can see GRANT
    INHERIT'ance in action.
    
    But with has_schema_privilege(..., 'USAGE'), I can only check the
    "right now" case. But I'd like to be able to take "indirect USAGE"
    into account, via non-INHERIT'ed ROLE membership. To mirror what
    pg_has_role() provides.
    
    Could there be an extra argument to check for INHERIT and GRANTABLE?
    Or variation in the string it accept to allow checking for those?
    
    E.g. you can check for ADMIN OPTION (i.e. regrantable) with
    pg_has_role(). But you can't with has_schema_privilege() (or other
    ACL-based object classes).
    
    Basically I'd wish for inheritance and grantable aware
    has_xyz_privilege(), similar to pg_has_role().
    
    Any chance this might land eventually?
    Am I the only one who uses ROLEs that extensively and thus feels that need?
    
    Baring the above, any way to similute it in SQL? --DD