Home > mailing lists

Re: v16 roles, SET FALSE, INHERIT FALSE, ADMIN FALSE - Mailing list pgsql-general

From	Tom Lane
Subject	Re: v16 roles, SET FALSE, INHERIT FALSE, ADMIN FALSE
Date	July 8 23:39:27
Msg-id	1204975.1720471167@sss.pgh.pa.us Whole thread Raw
In response to	Re: v16 roles, SET FALSE, INHERIT FALSE, ADMIN FALSE (Christophe Pettus <xof@thebuild.com>)
List	pgsql-general

Tree view

Christophe Pettus <xof@thebuild.com> writes:
>> On Jul 8, 2024, at 13:25, Laurenz Albe <laurenz.albe@cybertec.at> wrote:
>> I didn't test it, but doesn't that allow the member rule to drop objects owned
>> be the role it is a member of?

> No, apparently not.

IIUC, you need at least one of SET TRUE and INHERIT TRUE to be able to
access the privileges of the role you are nominally a member of.  This
extends to ownership checks as well as grantable privileges.

            regards, tom lane

pgsql-general by date:

From: Christophe Pettus
Date: 08 July, 23:36:11
Subject: Re: v16 roles, SET FALSE, INHERIT FALSE, ADMIN FALSE

From: "David G. Johnston"
Date: 08 July, 23:42:38
Subject: Re: v16 roles, SET FALSE, INHERIT FALSE, ADMIN FALSE

Re: v16 roles, SET FALSE, INHERIT FALSE, ADMIN FALSE - Mailing list pgsql-general

Previous

Next