Re: v16 roles, SET FALSE, INHERIT FALSE, ADMIN FALSE

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Christophe Pettus <xof(at)thebuild(dot)com>
Cc: Laurenz Albe <laurenz(dot)albe(at)cybertec(dot)at>, pgsql-general <pgsql-general(at)postgresql(dot)org>
Subject: Re: v16 roles, SET FALSE, INHERIT FALSE, ADMIN FALSE
Date: 2024-07-08 20:39:27
Message-ID: 1204975.1720471167@sss.pgh.pa.us
Lists: pgsql-general

Christophe Pettus <xof(at)thebuild(dot)com> writes:
>> On Jul 8, 2024, at 13:25, Laurenz Albe <laurenz(dot)albe(at)cybertec(dot)at> wrote:
>> I didn't test it, but doesn't that allow the member role to drop objects owned
>> by the role it is a member of?

> No, apparently not.

IIUC, you need at least one of SET TRUE and INHERIT TRUE to be able to
access the privileges of the role you are nominally a member of. This
extends to ownership checks as well as grantable privileges.

regards, tom lane
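
A psql script for checking the behaviour described in this message on a scratch PostgreSQL 16 instance. It is an added example, not part of the thread; the role and table names are hypothetical, and it assumes a superuser session in autocommit mode.

```sql
-- Constructed example: app_owner, app_member and owned_tbl are hypothetical names.
CREATE ROLE app_owner NOLOGIN;
CREATE ROLE app_member NOLOGIN;

-- An object owned by the role that will be granted.
CREATE TABLE owned_tbl (id int);
ALTER TABLE owned_tbl OWNER TO app_owner;

-- Membership with every v16 grant option switched off.
GRANT app_owner TO app_member WITH SET FALSE, INHERIT FALSE, ADMIN FALSE;

-- The membership row is recorded, with its three option flags.
SELECT roleid::regrole AS granted_role,
       member::regrole AS member,
       admin_option, inherit_option, set_option
FROM pg_auth_members
WHERE member = 'app_member'::regrole;

-- MEMBER: membership exists at all.
-- USAGE:  the role's privileges are available without SET ROLE (INHERIT).
-- SET:    SET ROLE to the role is permitted.
SELECT pg_has_role('app_member', 'app_owner', 'MEMBER') AS is_member,
       pg_has_role('app_member', 'app_owner', 'USAGE')  AS has_privs,
       pg_has_role('app_member', 'app_owner', 'SET')    AS can_set_role;

-- Act as the member and try both routes to app_owner's privileges.
-- Per the message above, with SET and INHERIT both false neither route
-- is available, and that includes the ownership check behind DROP TABLE.
SET SESSION AUTHORIZATION app_member;
SET ROLE app_owner;
DROP TABLE owned_tbl;
RESET SESSION AUTHORIZATION;

-- Confirm the table is still there, then clean up as superuser.
SELECT to_regclass('owned_tbl') IS NOT NULL AS table_still_exists;
DROP TABLE owned_tbl;
DROP ROLE app_member;
DROP ROLE app_owner;
```

Rerunning the script with only `SET TRUE` or only `INHERIT TRUE` in the GRANT shows which route each option opens.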
