Re: has_privs_of_role vs. is_member_of_role, redux
Stephen Frost <sfrost@snowman.net>
From: Stephen Frost <sfrost@snowman.net>
To: Wolfgang Walther <walther@technowledgy.de>
Cc: Robert Haas <robertmhaas@gmail.com>, "pgsql-hackers@postgresql.org" <pgsql-hackers@postgresql.org>
Date: 2022-09-26T19:41:11Z
Lists: pgsql-hackers
Greetings, * Wolfgang Walther (walther@technowledgy.de) wrote: > Robert Haas: > > I don't think we're going to be very happy if we redefine inheriting > > the privileges of another role to mean inheriting only some of them. > > That seems pretty counterintuitive to me. I also think that this > > particular definition is pretty fuzzy. > > Scratch my previous suggestion. A new, less fuzyy definition would be: > Ownership is not a privilege itself and as such not inheritable. One of the reasons the role system was brought into being was explicitly to allow other roles to have ownership-level rights on objects that they didn't directly own. I don't see us changing that. Thanks, Stephen
Commits
-
Make ALTER DEFAULT PRIVILEGES require privileges, not membership.
- 48a257d444a7 16.0 landed