Thread

  1. Why is_admin_of_role() use ROLERECURSE_MEMBERS rather than ROLERECURSE_PRIVS?

    cca5507 <cca5507@qq.com> — 2025-11-18T08:41:45Z

    Hi,
    
    
    When reading the code, I find is_admin_of_role()&nbsp;use ROLERECURSE_MEMBERS while select_best_admin()&nbsp;use ROLERECURSE_PRIVS.
    
    
    Why they are dismatch?
    
    
    The following case will have is_admin_of_role() return true and select_best_admin() return InvalidOid:
    
    
    create user u1;
    create user u2;
    create user u3;
    create user u4;
    grant u2 to u1 with admin true ;
    grant u3 to u2 with admin true ;
    revoke inherit option for u2 from u1 ;
    set session authorization u1;
    grant u3 to u4;
    
    
    The "grant u3 to u4;" will report error "no possible grantors" rather than "permission denied to grant role".
    
    
    Is this the expected behavior?
    
    
    --
    Regards,
    ChangAo Chen