Why is_admin_of_role() use ROLERECURSE_MEMBERS rather than ROLERECURSE_PRIVS?

cca5507 <cca5507@qq.com>

From: cca5507 <cca5507@qq.com>
To: pgsql-hackers <pgsql-hackers@lists.postgresql.org>
Date: 2025-11-18T08:41:45Z
Lists: pgsql-hackers
Hi,


When reading the code, I find is_admin_of_role()&nbsp;use ROLERECURSE_MEMBERS while select_best_admin()&nbsp;use ROLERECURSE_PRIVS.


Why they are dismatch?


The following case will have is_admin_of_role() return true and select_best_admin() return InvalidOid:


create user u1;
create user u2;
create user u3;
create user u4;
grant u2 to u1 with admin true ;
grant u3 to u2 with admin true ;
revoke inherit option for u2 from u1 ;
set session authorization u1;
grant u3 to u4;


The "grant u3 to u4;" will report error "no possible grantors" rather than "permission denied to grant role".


Is this the expected behavior?


--
Regards,
ChangAo Chen