From: | Robert Haas <robertmhaas(at)gmail(dot)com> |
---|---|
To: | Ashutosh Sharma <ashu(dot)coek88(at)gmail(dot)com> |
Cc: | pgsql-hackers <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: Can a role have indirect ADMIN OPTION on another role? |
Date: | 2023-09-06 15:33:23 |
Message-ID: | CA+TgmoYy8gQnwncPAFbB=DYD2Msp2WoahNr6KkygVGWqk-OQhw@mail.gmail.com |
Lists: | pgsql-hackers |

On Wed, Sep 6, 2023 at 11:14 AM Ashutosh Sharma <ashu(dot)coek88(at)gmail(dot)com> wrote:
> In PG-16, I see that we have made a lot of changes in the area of roles
> and privileges. I have a question related to this and here is my
> question:
>
> Let's say there is a roleA who creates roleB and then roleB creates
> another role, say roleC. By design, A can administer B and B can
> administer C. But, can A administer C although it has not created C?

Ultimately, yes, because A can get access to all of B's privileges,
which include administering C. However, A might or might not have B's
privileges by default, depending on the value of createrole_self_grant
in effect at the time when B was created. So, depending on the
situation, A might (or might not) need to do something like GRANT
roleB to roleA or SET ROLE roleB in order to be able to actually
execute the administration commands in question.

IMHO, it really couldn't reasonably work in any other way. Consider
that A's right to administer B includes the right to change B's
password. If the superuser wants users A and B that can't interfere
with each other, the superuser should create both of those accounts
themselves instead of letting one create the other.
--
Robert Haas
EDB: http://www.enterprisedb.com
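
The scenario from the reply above as a PostgreSQL 16 psql session, added here as an illustration and not part of the original message. Role names follow the thread in lowercase, `roled` is an extra hypothetical role, `SET SESSION AUTHORIZATION` from a superuser session stands in for connecting as each role, and the `CONNECTION LIMIT` change stands in for any administration command.

```sql
-- Constructed psql session for PostgreSQL 16, started as a superuser.
CREATE ROLE rolea CREATEROLE;

-- rolea creates roleb with createrole_self_grant at its default (empty).
SET SESSION AUTHORIZATION rolea;
CREATE ROLE roleb CREATEROLE;

-- roleb creates rolec.
SET SESSION AUTHORIZATION roleb;
CREATE ROLE rolec;

-- Back as rolea: it holds ADMIN OPTION on roleb, but the implicit grant
-- carries neither SET nor INHERIT, so this SET ROLE is refused.
SET SESSION AUTHORIZATION rolea;
SET ROLE roleb;

-- ADMIN OPTION on roleb lets rolea grant roleb to itself with the
-- options it was missing.
GRANT roleb TO rolea WITH INHERIT TRUE, SET TRUE;

-- rolea can now act as roleb and administer rolec.
SET ROLE roleb;
ALTER ROLE rolec CONNECTION LIMIT 5;
RESET ROLE;

-- Alternative: request the self-grant up front, before creating a role.
SET createrole_self_grant = 'set, inherit';
CREATE ROLE roled CREATEROLE;   -- hypothetical extra role
SET ROLE roled;
RESET ROLE;
RESET SESSION AUTHORIZATION;

-- Audit: the membership rows behind the behaviour above.
SELECT roleid::regrole AS granted_role, member::regrole AS member,
       grantor::regrole AS grantor, admin_option, inherit_option, set_option
FROM pg_auth_members
WHERE roleid IN ('roleb'::regrole, 'rolec'::regrole, 'roled'::regrole)
ORDER BY 1, 2, 3;

-- Audit: roles rolea can ultimately administer by following chains of
-- ADMIN OPTION grants (A administers B, B administers C).
WITH RECURSIVE reach(holder, target) AS (
    SELECT member, roleid FROM pg_auth_members WHERE admin_option
  UNION
    SELECT r.holder, m.roleid
    FROM reach r JOIN pg_auth_members m ON m.member = r.target
    WHERE m.admin_option
)
SELECT holder::regrole AS holder, target::regrole AS ultimately_administers
FROM reach WHERE holder = 'rolea'::regrole ORDER BY 2;
```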