PG16 ADMIN OPTION

From: Pawan Sharma <pawanpg0963(at)gmail(dot)com>
To: pgsql-general(at)lists(dot)postgresql(dot)org
Subject: PG16 ADMIN OPTION
Date: 2024-12-18 11:52:32
Message-ID: CAKqG8NUgCmPdf2fQh89cn-eTCpTkS=ZgcFad-G9j0bpM9gR7rQ@mail.gmail.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-general

Hello Everyone,

I recently noticed the difference between PG15 and PG16 regarding *CREATEROLE
*and ADMIN OPTION.

Granting the Admin Option to another role is not allowed in PG16, whereas
it was permitted in PG15. Please help me with how we can allow them without
superuser intervention.

PostgreSQL 15:
psql (15.10 (Homebrew), server 15.10 (Homebrew))
Type "help" for help.

postgres=# create role pgtest login createdb createrole;
CREATE ROLE
postgres=# \c postgres pgtest
psql (16.6 (Homebrew), server 15.10 (Homebrew))
You are now connected to database "postgres" as user "pgtest".
postgres=>
postgres=> create role test login;
CREATE ROLE
postgres=>
postgres=> grant pgtest to test with ADMIN OPTION;
GRANT ROLE
postgres=> \drg
List of role grants
Role name | Member of | Options | Grantor
-----------+-----------+---------------------+---------
test | pgtest | ADMIN, INHERIT, SET | pgtest
(1 row)

PostgreSQL 16
psql (16.6 (Homebrew))
Type "help" for help.

postgres=# create role pgtest login createdb createrole;
CREATE ROLE
postgres=# \c postgres pgtest
You are now connected to database "postgres" as user "pgtest".
postgres=> create role test login;
CREATE ROLE
postgres=>
postgres=> grant pgtest to test with ADMIN OPTION;
ERROR: permission denied to grant role "admin"
DETAIL: Only roles with the ADMIN option on role "pgtest" may grant this
role.
postgres=>
postgres=> \drg
List of role grants
Role name | Member of | Options | Grantor
-----------+-----------+---------+-------------
pgtest | test | ADMIN | pawansharma
(1 row)

postgres=>

Thank you so much.

Regards,
Pawan

Browse pgsql-general by date

  From Date Subject
Next Message Francisco Olarte 2024-12-18 12:39:10 Re: How to do an update with XML column ?
Previous Message Ron Johnson 2024-12-17 18:47:24 Re: Credcheck- credcheck.max_auth_failure