Re: [PATCH v2] use has_privs_for_role for predefined roles

Joshua Brindle <joshua.brindle@crunchydata.com>

From: Joshua Brindle <joshua.brindle@crunchydata.com>
To: Robert Haas <robertmhaas@gmail.com>
Cc: PostgreSQL-development <pgsql-hackers@postgresql.org>
Date: 2021-10-27T21:20:13Z
Lists: pgsql-hackers
On Wed, Oct 27, 2021 at 5:16 PM Robert Haas <robertmhaas@gmail.com> wrote:
>
> On Wed, Oct 27, 2021 at 5:14 PM Joshua Brindle
> <joshua.brindle@crunchydata.com> wrote:
> > Attached is an updated version of the patch to replace
> > is_member_of_role with has_privs_for_role for predefined roles. It
> > does not remove is_member_of_role from acl.h but it does add a warning
> > not to use that function for privilege checking.
> >
> > Please consider this for the upcoming commitfest.
>
> I am not sure I understand what the advantage of this is supposed to be.

Pre-defined roles currently do not operate the same way other roles do
with respect to inheritance. The patchfile has an explanation and
examples, I wasn't sure if that needed to be repeated in the email or
not.



Commits

Same data as JSON: GET /api/v1/messages/:b64id/commits the thread's linked commits as JSON, with link sources. API reference →
  1. Fix a bug in roles_is_member_of.

  2. docs: Fix up some out-of-date references to INHERIT/NOINHERIT.

  3. Allow grant-level control of role inheritance behavior.

  4. Make role grant system more consistent with other privileges.

  5. Document basebackup_to_shell.required_role.