Quick Links

Re: v16 roles, SET FALSE, INHERIT FALSE, ADMIN FALSE

From:	Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To:	Pavel Luzanov <p(dot)luzanov(at)postgrespro(dot)ru>
Cc:	Christophe Pettus <xof(at)thebuild(dot)com>, pgsql-general <pgsql-general(at)postgresql(dot)org>
Subject:	Re: v16 roles, SET FALSE, INHERIT FALSE, ADMIN FALSE
Date:	2024-07-08 21:16:28
Message-ID:	1214992.1720473388@sss.pgh.pa.us
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-general

Pavel Luzanov <p(dot)luzanov(at)postgrespro(dot)ru> writes:
> On 08.07.2024 22:22, Christophe Pettus wrote:
>> This is more curiosity than anything else. In the v16 role system, is there actually any reason to grant membership in a role to a different role, but with SET FALSE, INHERIT FALSE, and ADMIN FALSE? Does the role granted membership gain any ability it didn't have before in that case?

> Looks like there is one ability.
> Authentication in pg_hba.conf "USER" field via +role syntax.

Hmm, if that check doesn't require INHERIT TRUE I'd say it's
a bug.

regards, tom lane

In response to

Re: v16 roles, SET FALSE, INHERIT FALSE, ADMIN FALSE at 2024-07-08 21:00:35 from Pavel Luzanov

Responses

Re: v16 roles, SET FALSE, INHERIT FALSE, ADMIN FALSE at 2024-07-08 21:23:18 from Pavel Luzanov
Re: v16 roles, SET FALSE, INHERIT FALSE, ADMIN FALSE at 2024-07-08 21:59:51 from David G. Johnston

Browse pgsql-general by date

	From	Date	Subject
Next Message	Pavel Luzanov	2024-07-08 21:23:18	Re: v16 roles, SET FALSE, INHERIT FALSE, ADMIN FALSE
Previous Message	Pavel Luzanov	2024-07-08 21:00:35	Re: v16 roles, SET FALSE, INHERIT FALSE, ADMIN FALSE