Re: [PATCH v2] use has_privs_for_role for predefined roles

On Tue, Feb 08, 2022 at 10:54:50PM -0500, Robert Haas wrote:
> On Tue, Feb 8, 2022 at 7:38 PM Joe Conway <mail(at)joeconway(dot)com> wrote:
>> If we were to start all over again with this feature my vote would be to
>> do things differently than we have done. I would not have called them
>> predefined roles, and I would have used attributes of roles (e.g. make
>> rolsuper into a bitmap rather than a boolean) rather than role
>> membership to implement them. But I didn't find time to participate in
>> the original discussion or review/write the code, so I have little room
>> to complain.
>
> Yep, fair. I kind of like the predefined role concept myself. I find
> it sort of elegant, mostly because I think it scales better than a
> bitmask, which can run out of bits surprisingly rapidly. But opinions
> can vary, of course.

I do wonder if users find the differences between predefined roles and role
attributes confusing. INHERIT doesn't govern role attributes, but it will
govern predefined roles when this patch is applied. Maybe the role
attribute system should eventually be deprecated in favor of using
predefined roles for everything. Or perhaps the predefined roles should be
converted to role attributes.

--
Nathan Bossart
Amazon Web Services: https://aws.amazon.com