Re: Allow placeholders in ALTER ROLE w/o superuser
Alexander Korotkov <aekorotkov@gmail.com>
From: Alexander Korotkov <aekorotkov@gmail.com>
To: Tom Lane <tgl@sss.pgh.pa.us>
Cc: Kyotaro Horiguchi <horikyota.ntt@gmail.com>, nathandbossart@gmail.com,
steve@supabase.io, pgsql-hackers@postgresql.org
Date: 2022-11-19T00:56:35Z
Lists: pgsql-hackers
On Sat, Nov 19, 2022 at 12:33 AM Tom Lane <tgl@sss.pgh.pa.us> wrote: > Alexander Korotkov <aekorotkov@gmail.com> writes: > > This makes sense. But do we really need to store the OID of the role? > > validate_option_array_item() already checks if the placeholder option > > passes validation for PGC_SUSET. So, we can just save a flag > > indicating that this check was not successful. If so, then the value > > stored can be only used for PGC_USERSET. Do you think this would be > > correct? > > Meh ... doesn't seem like much of an improvement. You still need > to store something that's not there now. Yes, but it wouldn't be needed to track dependencies of pg_role mentions in pg_db_role_setting. That seems to be a significant simplification. > This also seems to require > some shaky assumptions about decisions having been made when storing > still being valid later on. Given the possibility of granting or > revoking permissions for SET, I think we don't really want it to act > that way. Yes, it might be shaky. Consider user sets parameter pg_db_role_setting, and that appears to be capable only for PGC_USERSET. Next this user gets the SET permissions. Then this parameter needs to be set again in order for the new permission to take effect. But consider the other side. How should we handle stored OID of a role? Should the privilege checking be moved from "set time" to "run time"? Therefore, revoking SET permission from role may affect existing parameters in pg_db_role_setting. It feels like revoke of SET permission also aborts changes previously made with that permission. This is not how we normally do, and that seems confusing. I think if we implement the flag and make it user-visible, e.g. implement something like "ALTER ROLE ... SET ... USERSET;", then it might be the lesser confusing option. Thoughts? ------ Regards, Alexander Korotkov
Commits
Same data as JSON:
GET /api/v1/messages/:b64id/commits
the thread's linked commits as JSON, with link sources.
API reference →
-
Remove extra regress check arguments from test_pg_db_role_setting
- 529da086ba7f 16.0 landed
-
meson: Add 'running' test setup, as a replacement for installcheck
- afdd9f7f0e00 16.0 landed
-
Add USER SET parameter values for pg_db_role_setting
- 096dd80f3ccc 16.0 landed
-
Fix sloppy cleanup of roles in privileges.sql.
- b62303794efd 16.0 cited
-
Drop test user when done with it.
- f31111bbe81d 12.0 cited
-
GRANT rights to CURRENT_USER instead of adding roles
- 6928484bda45 9.6.0 cited
-
Clean up roles from roleattributes test
- 072710dff3ee 9.6.0 cited
-
Make repeated 'make installcheck' runs work
- b22b77068380 9.5.0 cited