| From: | Chapman Flack <chap(at)anastigmatix(dot)net> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Alvaro Herrera <alvherre(at)2ndquadrant(dot)com> |
| Cc: | Robert Haas <robertmhaas(at)gmail(dot)com>, pgsql-hackers(at)lists(dot)postgresql(dot)org |
| Subject: | Re: Standards compliance of SET ROLE / SET SESSION AUTHORIZATION |
| Date: | 2020-02-15 00:40:06 |
| Message-ID: | 5E473DE6.8060200@anastigmatix.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On 02/14/20 18:43, Tom Lane wrote:
> I suppose it could be argued that that's a bug in the interpretation
> of role membership: arguably, if you're a member of some superuser
> role, that ought to give you membership in anything else. IOW, a
> superuser's implicit membership in every role isn't transitive,
> and maybe it should be. But I'm not sure that I want to change that;
> it feels like doing so might have surprising side-effects.
I have a tendency to create roles like postgres_assumable or
dba_assumable, which are themselves members of the indicated
roles, but without rolinherit, and then grant those to my own
role. That way in my day to day faffing about, I don't get to
make superuser-powered mistakes, but I can 'set role postgres'
when needed.
Would it make sense for a proposed transitive superuser-membership-
in-everything also to stop at a role without rolinherit? Clearly
it would just add one extra step to 'set role anybody', but sometimes
one extra step inspires a useful extra moment of thought.
Regards,
-Chap
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2020-02-15 00:57:20 | Re: Use LN_S instead of "ln -s" in Makefile |
| Previous Message | Ashwin Agrawal | 2020-02-15 00:30:05 | Use LN_S instead of "ln -s" in Makefile |