Re: Orphaned users in PG16 and above can only be managed by Superusers

On Fri, Jan 24, 2025 at 8:23 PM Andrew Dunstan <andrew(at)dunslane(dot)net> wrote:
>
>
> On 2025-01-23 Th 4:06 PM, Robert Haas wrote:
> > On Thu, Jan 23, 2025 at 3:51 PM Andres Freund <andres(at)anarazel(dot)de> wrote:
> >> I wonder if it's a mistake that a role membership that has WITH ADMIN on
> >> another role is silently removed if the member role is removed. We e.g. do
> >> *not* do that for pg_auth_members.grantor:
> >>
> >> ERROR: 2BP01: role "r1" cannot be dropped because some objects depend on it
> >> DETAIL: privileges for membership of role r2 in role r3
> > Yeah, I'm not sure about this either, but this is the kind of thing I
> > was thinking about when I replied before, saying that maybe dropping
> > role B shouldn't just succeed. Maybe dropping a role that doesn't have
> > privileges to administer any other role should be different than
> > dropping one that does.
> >
>
> That seems reasonable and consistent with what we do elsewhere, as
> Andres noted.
>

Thank you all for your valuable inputs and suggestions. Based on the
consensus, we will move forward with this solution. I'll start working
on the coding part and share the patch for review by next week.

--
With Regards,
Ashutosh Sharma.