Re: fixing CREATEROLE
David G. Johnston <david.g.johnston@gmail.com>
From: "David G. Johnston" <david.g.johnston@gmail.com>
To: Robert Haas <robertmhaas@gmail.com>
Cc: Tom Lane <tgl@sss.pgh.pa.us>, Mark Dilger <mark.dilger@enterprisedb.com>, "pgsql-hackers@postgresql.org" <pgsql-hackers@postgresql.org>
Date: 2022-11-23T21:19:20Z
Lists: pgsql-hackers
On Wed, Nov 23, 2022 at 2:01 PM Robert Haas <robertmhaas@gmail.com> wrote: > In the latter case there are two, one with > > grantor=bootstrap_supeuser/admin_option=true/set_option=false/inherit_option=false > and a second with > grantor=alice/admin_option=false/set_option=true/inherit_option=true. > This, IMO, is preferable. And I'd probably typically want to hide the first grant from the user in typical cases - it is an implementation detail. We have to grant the creating role membership in the created role, with admin option, as a form of bookkeeping. If the creating role really wants to be a member of the created role for other reasons that should be done explicitly and granted by the creating role. This patch series need not be concerned about how easy or difficult it is to get the additional grant entry into the database. The ability to refine the permissions in the data model is there so there should be no complaints that "it is impossible to set up this combination of permissions". We've provided a detailed model and commands to alter it - the users can build their scripts to glue those things together. David J.
Commits
-
Add new GUC createrole_self_grant.
- e5b8a4c098ad 16.0 landed
-
Restrict the privileges of CREATEROLE users.
- cf5eb37c5ee0 16.0 landed
-
Pass down current user ID to AddRoleMems and DelRoleMems.
- 39cffe95f2c5 16.0 landed
-
Refactor permissions-checking for role grants.
- 25bb03166b16 16.0 landed
-
Improve documentation of the CREATEROLE attibute.
- 0b496bc9881f 11.19 landed
- 1a5ff7be2696 12.14 landed
- 5dac191edf18 13.10 landed
- 1c77873727df 16.0 landed
- 5136c3fb575b 14.7 landed
- aa26980ca081 15.2 landed
-
Make role grant system more consistent with other privileges.
- ce6b672e4455 16.0 cited