Quick Links

Re: Backward compat issue with v16 around ROLEs

From:	Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To:	Dominique Devienne <ddevienne(at)gmail(dot)com>
Cc:	pgsql-general(at)lists(dot)postgresql(dot)org
Subject:	Re: Backward compat issue with v16 around ROLEs
Date:	2024-09-11 21:39:48
Message-ID:	3908085.1726090788@sss.pgh.pa.us
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-general

Dominique Devienne <ddevienne(at)gmail(dot)com> writes:
> Hi. I'm going around in circles trying to solve an issue with our
> system when running against a PostgreSQL v16 server. Which is linked
> to the weakening of CREATEROLE to have more granular permissions.

I'm not entirely sure, but I think the relevant v16 change is that
CREATEROLE used to imply having ADMIN on every (non-superuser) role.
Now it doesn't, and you have to actually have a WITH ADMIN OPTION
grant. You do automatically get WITH ADMIN OPTION on roles you
create yourself --- but in this example, dd_owner did not create
dd_admin.

regards, tom lane

In response to

Backward compat issue with v16 around ROLEs at 2024-09-11 14:41:58 from Dominique Devienne

Responses

Re: Backward compat issue with v16 around ROLEs at 2024-09-12 12:13:12 from Dominique Devienne

Browse pgsql-general by date

	From	Date	Subject
Next Message	Thomas Munro	2024-09-11 22:21:47	Re: Error:could not extend file " with FileFallocate(): No space left on device
Previous Message	Thomas Munro	2024-09-11 21:36:50	Re: Error:could not extend file " with FileFallocate(): No space left on device