From: | Erik Wienhold <ewie(at)ewie(dot)name> |
---|---|
To: | Michael Corey <michael(dot)corey(dot)ap(at)nielsen(dot)com> |
Cc: | pgsql-general(at)lists(dot)postgresql(dot)org |
Subject: | Re: Changed functionality from 14.3 to 15.3 |
Date: | 2023-09-20 23:11:44 |
Message-ID: | a2k2tszghux7lwmlf3g6seyt7taasuogfzri2lo5g64yhlxzdh@42pxreofqrkq |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-general |
On 2023-09-20 17:53 -0400, Michael Corey wrote:
> To make matters even more strange. I checked the permissions of
> rds_superuser in 15 and 14
>
> For 14
> GRANT pg_monitor, pg_signal_backend, rds_password, rds_replication TO
> rds_superuser WITH ADMIN OPTION;
>
> For 15
> GRANT pg_checkpoint, pg_monitor, *pg_read_all_data*, pg_signal_backend,
> *pg_write_all_data*, rds_password, rds_replication TO rds_superuser WITH
> ADMIN OPTION;
>
> AWS added these permissions, but based on what they do you would think this
> would allow the SELECTs in 15.
Yes it would if sten_schema would inherit from rds_superuser. But it
cannot inherit privileges from rds_superuser (indrect membership through
object_creator) because object_creator was created with NOINHERIT. And
INHERIT applies to direct memberships only.
--
Erik
From | Date | Subject | |
---|---|---|---|
Next Message | Laurenz Albe | 2023-09-21 06:43:49 | Re: Changed functionality from 14.3 to 15.3 |
Previous Message | Erik Wienhold | 2023-09-20 22:09:58 | Re: Changed functionality from 14.3 to 15.3 |