Re: [PATCH v2] use has_privs_for_role for predefined roles

Joshua Brindle <joshua.brindle@crunchydata.com>

From: Joshua Brindle <joshua.brindle@crunchydata.com>
To: Joe Conway <mail@joeconway.com>
Cc: Nathan Bossart <nathandbossart@gmail.com>, Robert Haas <robertmhaas@gmail.com>, Tom Lane <tgl@sss.pgh.pa.us>, "Bossart, Nathan" <bossartn@amazon.com>, Stephen Frost <sfrost@snowman.net>, PostgreSQL-development <pgsql-hackers@postgresql.org>
Date: 2022-03-03T16:26:01Z
Lists: pgsql-hackers

Attachments

On Thu, Feb 10, 2022 at 2:37 PM Joe Conway <mail@joeconway.com> wrote:
>
> On 2/10/22 14:28, Nathan Bossart wrote:
> > On Wed, Feb 09, 2022 at 04:39:11PM -0500, Joe Conway wrote:
> >> On 2/9/22 13:13, Nathan Bossart wrote:
> >>> I do wonder if users find the differences between predefined roles and role
> >>> attributes confusing.  INHERIT doesn't govern role attributes, but it will
> >>> govern predefined roles when this patch is applied.  Maybe the role
> >>> attribute system should eventually be deprecated in favor of using
> >>> predefined roles for everything.  Or perhaps the predefined roles should be
> >>> converted to role attributes.
> >>
> >> Yep, I was suggesting that the latter would have been preferable to me while
> >> Robert seemed to prefer the former. Honestly I could be happy with either of
> >> those solutions, but as I alluded to that is probably a discussion for the
> >> next development cycle since I don't see us doing that big a change in this
> >> one.
> >
> > I agree.  I still think Joshua's proposed patch is a worthwhile improvement
> > for v15.
>
> +1
>
> I am planning to get into it in detail this weekend. So far I have
> really just ensured it merges cleanly and passes make world.
>

Rebased patch to apply to master attached.

Commits

Same data as JSON: GET /api/v1/messages/:b64id/commits the thread's linked commits as JSON, with link sources. API reference →
  1. Fix a bug in roles_is_member_of.

  2. docs: Fix up some out-of-date references to INHERIT/NOINHERIT.

  3. Allow grant-level control of role inheritance behavior.

  4. Make role grant system more consistent with other privileges.

  5. Document basebackup_to_shell.required_role.