Home > mailing lists

Re: [PATCHES] Users/Groups -> Roles - Mailing list pgsql-hackers

From	Tom Lane
Subject	Re: [PATCHES] Users/Groups -> Roles
Date	June 29, 2005 17:40:28
Msg-id	11646.1120066820@sss.pgh.pa.us Whole thread Raw
In response to	Re: [PATCHES] Users/Groups -> Roles (Stephen Frost <sfrost@snowman.net>)
Responses	Re: [PATCHES] Users/Groups -> Roles
List	pgsql-hackers

Tree view

I notice that AddRoleMems/DelRoleMems assume that ADMIN OPTION is not
inherited indirectly; that is it must be granted directly to you.
This seems wrong; SQL99 has under <privileges>
       19) B has the WITH ADMIN OPTION on a role if a role authorization           descriptor identifies the role as
grantedto B WITH ADMIN OPTION           or a role authorization descriptor identifies it as granted WITH
ADMINOPTION to another applicable role for B.
 

and in the Access Rules for <grant role statement>
        1) Every role identified by <role granted> shall be contained           in the applicable roles for A and the
correspondingrole           authorization descriptors shall specify WITH ADMIN OPTION.
 

I can't see any support in the spec for the idea that WITH ADMIN OPTION
doesn't flow through role memberships in the same way as ordinary
membership; can you quote someplace that implies this?
        regards, tom lane

pgsql-hackers by date:

From: Douglas McNaught
Date: 29 June 2005, 17:26:19
Subject: Re: Proposal: associative arrays for plpgsql (concept)

From: Kenneth Marshall
Date: 29 June 2005, 18:06:18
Subject: Re: commit_delay, siblings

Re: [PATCHES] Users/Groups -> Roles - Mailing list pgsql-hackers

Previous

Next