Re: [PATCH] Why is_admin_of_role() uses ROLERECURSE_MEMBERS ratherthan ROLERECURSE_PRIVS?

cca5507 <cca5507@qq.com>

From: cca5507 <cca5507@qq.com>
To: preTham <prezza672@gmail.com>, pgsql-hackers <pgsql-hackers@lists.postgresql.org>
Date: 2025-12-22T12:35:00Z
Lists: pgsql-hackers
Hi,

Thank you for your reply.

> PostgreSQL calls select_best_admin() internally. If that function returns
> InvalidOid, I think it means that “The system tried all the possible
> grantor roles (roles we belong to that have ADMIN OPTION), but none are
> currently usable.” i.e the system couldn’t find a grantor role in the
> current context, so it reports: "no possible grantors"

+1

> Again I think a “permission denied” would imply we tried as a specific
> role, and that role doesn’t have permission. But here, Postgres never even
> found which role we could be acting as. So from the system’s logic, it’s
> not a denied action; it’s “no valid takers found to even attempt the
> action.”

Due to the "revoke inherit option for u2 from u1", I think reporting "permission denied ..."
here is reasonable. The "no possible grantors" is more like an internal error, and should
not be reported to users.

> I believe is_admin_of_role() uses ROLERECURSE_MEMBERS because
> is_admin_of_role() is not used for permission enforcement and Its purpose
> is to answer checks like “does A have the ADMIN OPTION for B (anywhere in
> the membership graph)?” So it needs to see all possible relationships, even
> if the intermediate memberships are non-inheriting or currently inactive.

But many places report "permission denied ..." if is_admin_of_role() return false.

--
Regards,
ChangAo Chen