Re: Orphaned users in PG16 and above can only be managed by Superusers

On Wed, Mar 19, 2025 at 1:55 PM Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
> That being the case, I'm against imposing restrictions on DROP ROLE
> because of the properties of particular role grants. If you get
> into a situation where you need a superuser's help to undo something,
> well hopefully you learned better and won't do that again.
>
> I'm especially against making life more difficult for everyone who
> uses Postgres in order to remove a problem that's only a problem for
> people who don't have a superuser account available.

You kind of lost me at this point. I mean, technically I agree that we
don't want to make life worse for everyone to help people who don't
have a superuser account available, but I don't see why it's written
in stone that we should have to make life worse for
superuser-administered installs in order to make it better for
non-superuser-administered installs.

Also, non-superuser-administered installs probably outnumber
superuser-administered ones already, maybe by a large margin, and I
think that's only going to accelerate as more things are done via
cloud providers. It's not some niche use case.

I am interested by your comment about the automatic DROP ROLE being
required by the spec, though. I rarely understand the spec, but I like
it when somebody says it agrees with what I already thought. :-)

--
Robert Haas
EDB: http://www.enterprisedb.com