| From: | "David G(dot) Johnston" <david(dot)g(dot)johnston(at)gmail(dot)com> |
|---|---|
| To: | Dominique Devienne <ddevienne(at)gmail(dot)com> |
| Cc: | "pgsql-general(at)lists(dot)postgresql(dot)org" <pgsql-general(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: Backward compat issue with v16 around ROLEs |
| Date: | 2024-09-11 15:06:34 |
| Message-ID: | CAKFQuwYK2Vdnbdaxh9QF_0PYpztg51nc-iqYeiKDfpzek7hTdQ@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On Wednesday, September 11, 2024, Dominique Devienne <ddevienne(at)gmail(dot)com>
wrote:
>
> on v16:
>
> D:\pdgm\trunk\psc2>psql service=pau16
> psql (17beta3, server 16.1)
> Type "help" for help.
>
> ddevienne=> create role dd_owner createrole;
> CREATE ROLE
> ddevienne=> create role dd_admin noinherit;
> CREATE ROLE
> ddevienne=> grant dd_owner to dd_admin;
As the error indicates, this grant needs to be done with admin option.
Since the with admin option exists in versions prior to v16 this change
should work in all of your deployments.
> GRANT ROLE
> ddevienne=> set role dd_owner;
> ERROR: permission denied to set role "dd_owner"
> ddevienne=> grant dd_owner to current_user;
> GRANT ROLE
> ddevienne=> set role dd_owner;
> SET
> ddevienne=> create role dd_user;
> CREATE ROLE
> ddevienne=> grant dd_admin to dd_user;
> ERROR: permission denied to grant role "dd_admin"
> DETAIL: Only roles with the ADMIN option on role "dd_admin" may grant
See comment above.
> this role.
> ddevienne=>
>
>
David J.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Adrian Klaver | 2024-09-11 15:09:13 | Re: Backward compat issue with v16 around ROLEs |
| Previous Message | Dominique Devienne | 2024-09-11 14:41:58 | Backward compat issue with v16 around ROLEs |