| From: | Nathan Bossart <nathandbossart(at)gmail(dot)com> |
|---|---|
| To: | Ashutosh Sharma <ashu(dot)coek88(at)gmail(dot)com> |
| Cc: | Robert Haas <robertmhaas(at)gmail(dot)com>, Andrew Dunstan <andrew(at)dunslane(dot)net>, Andres Freund <andres(at)anarazel(dot)de>, Tomas Vondra <tomas(at)vondra(dot)me>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Orphaned users in PG16 and above can only be managed by Superusers |
| Date: | 2025-03-07 17:25:41 |
| Message-ID: | Z8ssFbYVaOE-fzMh@nathan |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Thu, Mar 06, 2025 at 04:10:10PM +0530, Ashutosh Sharma wrote:
> Attached is the v2 patch with the following updates:
>
> 1) Added detailed comments atop check_drop_role_dependency() to
> clarify role dependencies, addressing Nathan's comment.
Thanks!
> 2) Fixed a race condition where the dependency check could pass, but a
> new dependency might be added before the role drop is completed,
> addressing comments from Nathan and Robert.
>
> 3) Improved the error message to display the role dependencies in
> detail, addressing feedback from Robert.
>
> Please have a look and let me know for any further comments. Thanks.
I noticed that much of this code is lifted from DropRole(), and the new
check_drop_role_dependency() function is only used by DropRole() right
before it does the exact same scans. Couldn't we put the new dependency
detection in those existing scans in DropRole()?
--
nathan
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Jacob Champion | 2025-03-07 17:30:52 | Re: [PoC] Federated Authn/z with OAUTHBEARER |
| Previous Message | Andres Freund | 2025-03-07 17:25:22 | Re: [PATCH] pg_stat_activity: make slow/hanging authentication more visible |