From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
---|---|
To: | Robert Haas <robertmhaas(at)gmail(dot)com> |
Cc: | Laurenz Albe <laurenz(dot)albe(at)cybertec(dot)at>, Dominique Devienne <ddevienne(at)gmail(dot)com>, pgsql-general(at)postgresql(dot)org |
Subject: | Re: Why no pg_has_role(..., 'ADMIN')? |
Date: | 2024-09-20 18:34:27 |
Message-ID: | 2470834.1726857267@sss.pgh.pa.us |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-general |
I wrote:
> Robert Haas <robertmhaas(at)gmail(dot)com> writes:
>> I think this already exists. The full list of modes supported by
>> pg_has_role() is listed in convert_role_priv_string(). You can do
>> something like pg_has_role('alice', 'USAGE WITH ADMIN OPTION'). This
>> is not new: it worked in older releases too, but AFAIK it's never been
>> mentioned in the documentation.
> Surely that's a bad documentation omission.
Actually, it's not true that it's entirely undocumented, because the
text above the table that describes pg_has_role mentions
Optionally, WITH GRANT OPTION can be added to a privilege type to
test whether the privilege is held with grant option.
But I concur that it's not immediately obvious that that applies
to role membership, since we don't use the "grant option" terminology
for roles.
I'm now inclined to add wording within the pg_has_role entry, along
the lines of
WITH ADMIN OPTION or WITH GRANT OPTION can be added to any of
these privilege types to test whether ADMIN privilege is held
(all six spellings test the same thing).
regards, tom lane
From | Date | Subject | |
---|---|---|---|
Next Message | Robert Haas | 2024-09-20 18:49:13 | Re: Why no pg_has_role(..., 'ADMIN')? |
Previous Message | Tom Lane | 2024-09-20 18:16:38 | Re: Why no pg_has_role(..., 'ADMIN')? |