Re: v16 roles, SET FALSE, INHERIT FALSE, ADMIN FALSE

From: "David G(dot) Johnston" <david(dot)g(dot)johnston(at)gmail(dot)com>
To: Christophe Pettus <xof(at)thebuild(dot)com>
Cc: Laurenz Albe <laurenz(dot)albe(at)cybertec(dot)at>, pgsql-general <pgsql-general(at)postgresql(dot)org>
Subject: Re: v16 roles, SET FALSE, INHERIT FALSE, ADMIN FALSE
Date: 2024-07-08 20:42:38
Message-ID: CAKFQuwaRd4naNA8Ep2xGrQWp_yGd++xZe9H32PV3G-8o=Dg3nQ@mail.gmail.com
Lists: pgsql-general

On Monday, July 8, 2024, Christophe Pettus <xof(at)thebuild(dot)com> wrote:

>
>
> > On Jul 8, 2024, at 13:29, Christophe Pettus <xof(at)thebuild(dot)com> wrote:
> >
> >
> >
> >> On Jul 8, 2024, at 13:25, Laurenz Albe <laurenz(dot)albe(at)cybertec(dot)at> wrote:
> >> I didn't test it, but doesn't that allow the member role to drop objects owned
> >> by the role it is a member of?
> >
> > No, apparently not.
>
> Just from a quick check, it looks like you need INHERIT to inherit the
> ability to drop objects. The documentation strongly implies this, although
> it doesn't quite come out and say it.
>
>
Are you referring to this:

The right to modify or destroy an object is inherent in being the object's
owner, and cannot be granted or revoked in itself. (However, like all
privileges, that right can be inherited by members of the owning role; see
Section 22.3 <https://www.postgresql.org/docs/current/role-membership.html>.)

https://www.postgresql.org/docs/current/ddl-priv.html

It can be argued that is more than strong implication, though a different,
more obvious (technical) wording could be in order.

David J.
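
The behaviour discussed in this message, as an added example that is not part of the original email or the PostgreSQL documentation: a psql script for a scratch PostgreSQL 16 database, run as a superuser, that grants membership with all three options off, has the member attempt to drop the owning role's table, and then flips only INHERIT. The role, schema and table names (app_owner, app_member, demo.t) are hypothetical.

```sql
-- Added illustration; names are hypothetical. Run as a superuser on v16.
CREATE ROLE app_owner NOLOGIN;
CREATE ROLE app_member NOLOGIN;

-- Membership with every v16 grant option switched off, as in the thread subject.
GRANT app_owner TO app_member WITH INHERIT FALSE, SET FALSE, ADMIN FALSE;

-- A table owned by app_owner, in a schema the member can at least look into,
-- so that the only thing standing between the member and DROP is ownership.
CREATE SCHEMA demo AUTHORIZATION app_owner;
GRANT USAGE ON SCHEMA demo TO app_member;
SET ROLE app_owner;
CREATE TABLE demo.t (id int);
RESET ROLE;

-- Review the membership row: all three option columns should be false.
SELECT roleid::regrole AS granted_role,
       member::regrole AS member,
       inherit_option, set_option, admin_option
FROM pg_auth_members
WHERE member = 'app_member'::regrole;

-- Case 1: INHERIT FALSE. The member does not hold the owner's rights,
-- so the server refuses this DROP (the result reported in the thread).
SET ROLE app_member;
DROP TABLE demo.t;
RESET ROLE;

-- Case 2: change only INHERIT on the existing grant; SET and ADMIN stay false.
GRANT app_owner TO app_member WITH INHERIT TRUE;

-- The right to destroy the object is now inherited from the owning role,
-- matching the ddl-priv.html passage quoted above, so the DROP goes through.
SET ROLE app_member;
DROP TABLE demo.t;
RESET ROLE;

-- Clean up the scratch objects.
DROP SCHEMA demo;
DROP ROLE app_member;
DROP ROLE app_owner;
```

When auditing an existing cluster, the same pg_auth_members query without the WHERE clause lists every membership whose inherit_option is true, which is where owner-level rights such as DROP reach member roles.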
