From: | Robert Haas <robertmhaas(at)gmail(dot)com> |
---|---|
To: | Stephen Frost <sfrost(at)snowman(dot)net> |
Cc: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Amit Langote <Langote_Amit_f8(at)lab(dot)ntt(dot)co(dot)jp>, Pg Hackers <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: SET ROLE and reserved roles |
Date: | 2016-05-03 15:07:44 |
Message-ID: | CA+TgmoZuMMWwEZH-Zbzq-DqXsgBR8WnvYMbzKFZH9cADNcjceg@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
On Tue, Apr 26, 2016 at 7:39 PM, Robert Haas <robertmhaas(at)gmail(dot)com> wrote:
> On Mon, Apr 25, 2016 at 6:55 PM, Stephen Frost <sfrost(at)snowman(dot)net> wrote:
>> Based on our discussion at PGConf.US and the comments up-thread from
>> Tom, I'll work up a patch to remove those checks around SET ROLE and
>> friends which were trying to prevent default roles from possibly being
>> made to own objects.
>>
>> Should the checks, which have been included since nearly the start of
>> this version of the patch, to prevent users from GRANT'ing other rights
>> to the default roles remain? Or should those also be removed? I
>> *think* pg_dump/pg_upgrade would be fine with rights being added, and if
>> we aren't preventing ownership of objects then we aren't going to be
>> able to remove such roles in any case.
>
> It'd be good to test that that works. If it does, I think we may as
> well allow it.
>
>> Of course, with these default roles, users can't REVOKE the rights which
>> are granted to them as that happens in C code, outside of the GRANT
>> system.
>
> I think you mean that they can't revoke the special magic rights, but
> they could revoke any additional privileges which were granted.
>
>> Working up a patch to remove these checks should be pretty quickly done
>> (iirc, I've actually got an independent patch around from when I added
>> them, just need to find it and then go through the committed patches to
>> make sure I take care of everything), but would like to make sure that
>> we're now all on the same page and that *all* of these checks should be
>> removed, making default roles just exactly like "regular" roles, except
>> that they're created at initdb time and have "special" rights provided
>> by C-level code checks.
>
> That's what I'm thinking. I would welcome other views.
Ping!
--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company
From | Date | Subject | |
---|---|---|---|
Next Message | Stephen Frost | 2016-05-03 15:08:53 | Re: SET ROLE and reserved roles |
Previous Message | Stephen Frost | 2016-05-03 15:07:40 | Re: pg_dump broken for non-super user |