| From: | Floris Van Nee <florisvannee(at)Optiver(dot)com> |
|---|---|
| To: | "pgsql-bugs(at)lists(dot)postgresql(dot)org" <pgsql-bugs(at)lists(dot)postgresql(dot)org> |
| Subject: | Error for GRANTED BY in PG16&PG17 that does not happen in PG15 |
| Date: | 2025-02-12 10:56:01 |
| Message-ID: | bc5f945cbd27483f83a59880550722ce@Optiver.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-bugs |
Hi, I observed some difference in behavior for granting roles.
Running as a superuser (postgres).
SQL:
create role test_group;
create role test_user;
create role test_su with superuser;
grant test_group to test_user granted by test_su;
Output on PG16 & PG17:
CREATE ROLE
CREATE ROLE
CREATE ROLE
ERROR: permission denied to grant privileges as role "test_su"
DETAIL: The grantor must have the ADMIN option on role "test_group".
The same succeeds on PG15.
This likely has to do with work that was done by Robert Haas on introducing this ADMIN option in PG16.
Surely doing “granted by some_superuser” should be allowed regardless of the ADMIN option though, right?
-Floris
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Fujii Masao | 2025-02-12 11:19:27 | reltuples decreasing with each autovacuum run |
| Previous Message | Álvaro Herrera | 2025-02-12 10:55:43 | Re: BRIN index creation on geometry column causes crash |