| From: | Pavel Luzanov <p(dot)luzanov(at)postgrespro(dot)ru> |
|---|---|
| To: | "David G(dot) Johnston" <david(dot)g(dot)johnston(at)gmail(dot)com>, Wolfgang Walther <walther(at)technowledgy(dot)de> |
| Cc: | Dominique Devienne <ddevienne(at)gmail(dot)com>, pgsql-general(at)lists(dot)postgresql(dot)org |
| Subject: | Re: Backward compat issue with v16 around ROLEs |
| Date: | 2024-09-11 20:20:05 |
| Message-ID: | 4308abb3-269e-4cee-a48f-c95d49ede6c2@postgrespro.ru |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On 11.09.2024 22:21, David G. Johnston wrote:
>
> > ddevienne=> grant dd_owner to dd_admin with admin option; --
> <<<<<<<<
>
> I think this needs to be the other way around:
>
> grant dd_admin to dd_owner with admin option;
>
> Best,
>
> Wolfgang
>
>
> Probably, intend to get those reversed and wasn't in a position to
> experiment. In any case fixing the with admin error is the correct
> approach.
Unfortunately,itwon'twork. Dominiqueis right.Thiswill leadtocircularities. After this grant:
grant dd_owner to dd_admin;
reverse grant is not possible.
I thinkthisis a migrationissueforv16and it is not mentioned in release
notes.
Ididn'tquiteunderstandthe exactpurposeof the roles dd_owner and dd_admin.
But apossibleway is to use dd_admin to create roles. For example:
create role dd_admin login createrole;
\c - dd_admin
create role dd_owner noinherit;
create role dd_user login;
grant dd_owner to dd_user;
\c - dd_user
set role dd_owner;
--
Pavel Luzanov
Postgres Professional:https://postgrespro.com
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Thomas Munro | 2024-09-11 21:36:50 | Re: Error:could not extend file " with FileFallocate(): No space left on device |
| Previous Message | David G. Johnston | 2024-09-11 19:21:56 | Re: Backward compat issue with v16 around ROLEs |