Re: Allow CURRENT_ROLE in GRANTED BY

Daniel Gustafsson <daniel@yesql.se>

From: Daniel Gustafsson <daniel@yesql.se>
To: Peter Eisentraut <peter.eisentraut@2ndquadrant.com>
Cc: Simon Riggs <simon@2ndquadrant.com>, Vik Fearing <vik@postgresfriends.org>, pgsql-hackers <pgsql-hackers@postgresql.org>
Date: 2021-11-16T14:04:11Z
Lists: pgsql-hackers

Attachments

> On 30 Jan 2021, at 09:51, Peter Eisentraut <peter.eisentraut@2ndquadrant.com> wrote:
> 
> On 2020-12-30 13:43, Simon Riggs wrote:
>> On Thu, 10 Dec 2020 at 18:40, Peter Eisentraut
>> <peter.eisentraut@2ndquadrant.com> wrote:
>>> 
>>> On 2020-06-24 20:21, Peter Eisentraut wrote:
>>>> On 2020-06-24 10:12, Vik Fearing wrote:
>>>>> On 6/24/20 8:35 AM, Peter Eisentraut wrote:
>>>>>> I was checking some loose ends in SQL conformance, when I noticed: We
>>>>>> support GRANT role ... GRANTED BY CURRENT_USER, but we don't support
>>>>>> CURRENT_ROLE in that place, even though in PostgreSQL they are
>>>>>> equivalent.  Here is a trivial patch to add that.
>>>>> 
>>>>> 
>>>>> The only thing that isn't dead-obvious about this patch is the commit
>>>>> message says "[PATCH 1/2]".  What is in the other part?
>>>> 
>>>> Hehe.  The second patch is some in-progress work to add the GRANTED BY
>>>> clause to the regular GRANT command.  More on that perhaps at a later date.
>>> 
>>> Here is the highly anticipated and quite underwhelming second part of
>>> this patch set.
>> Looks great, but no test to confirm it works. I would suggest adding a
>> test and committing directly since I don't see any cause for further
>> discussion.
> 
> Committed with some tests.  Thanks.

While looking at the proposed privileges.sql test patch from Mark Dilger [0] I
realized that the commit above seems to have missed the RevokeRoleStmt syntax.
As per the SQL Spec it should be supported there as well AFAICT.  Was this
intentional or should the attached small diff be applied to fix it?

--
Daniel Gustafsson		https://vmware.com/

[0] 333B0203-D19B-4335-AE64-90EB0FAF46F0@enterprisedb.com

Commits

  1. Fix GRANTED BY support in REVOKE ROLE statements

  2. Allow GRANTED BY clause in normal GRANT and REVOKE statements

  3. Try to stabilize output from rolenames regression test.

  4. Allow CURRENT_ROLE where CURRENT_USER is accepted