Re: Tying an object's ownership to datdba
John Naylor <john.naylor@enterprisedb.com>
From: John Naylor <john.naylor@enterprisedb.com>
To: Noah Misch <noah@leadboat.com>
Cc: pgsql-hackers <pgsql-hackers@postgresql.org>
Date: 2021-03-24T15:57:37Z
Lists: pgsql-hackers
On Mon, Dec 28, 2020 at 12:32 AM Noah Misch <noah@leadboat.com> wrote: > [v2] Hi Noah, In the refactoring patch, there is a lingering comment reference to roles_has_privs_of(). Aside from that, it looks good to me. A possible thing to consider is an assert that is_admin is not null where we expect that. The database owner role patch looks good as well. > I ended up blocking DDL that creates role memberships involving the new role; > see reasons in user.c comments. Lifting those restrictions looked feasible, > but it was inessential to the mission, and avoiding unintended consequences > would have been tricky. Views "information_schema.enabled_roles" and > "information_schema.applicable_roles" list any implicit membership in > pg_database_owner, but pg_catalog.pg_group and psql \dgS do not. If this > leads any reviewer to look closely at applicable_roles, note that its behavior > doesn't match its documentation > (https://postgr.es/m/flat/20060728170615.GY20016@kenobi.snowman.net). Is this something that needs fixing separately? -- John Naylor EDB: http://www.enterprisedb.com
Commits
-
Add "pg_database_owner" default role.
- a14a0118a1fe 14.0 landed
-
Merge similar algorithms into roles_is_member_of().
- f687bf61ed4d 14.0 landed