The following bug has been logged on the website:
Bug reference: 18137
Logged by: TAKATSUKA Haruka
Email address: harukat@sraoss.co.jp
PostgreSQL version: 16.0
Operating system: any
Description:
In the following release note item, it seems that "GRANT group_name TO
user_name"
should be "ALTER GROUP group_name ADD USER user_name".
As far as I have tested and confirmed, ALTER GROUP is the one that
has been allowed since version 16.
test steps:
db1=# CREATE ROLE usr1 LOGIN;
db1=# CREATE ROLE usr2 LOGIN;
db1=# CREATE ROLE usr3 LOGIN;
db1=# CREATE ROLE grp1;
db1=# GRANT grp1 TO usr1 WITH ADMIN OPTION;
db1=# \c db1 usr1
db1=> ALTER GROUP grp1 ADD USER usr2;
15.x: ERROR: permission denied
16.0: GRANT successfully
db1=> GRANT grp1 TO usr3;
15.x: GRANT successfully
16.0: GRANT successfully
release note item (release-16.sgml 963) :
<!--
Author: Robert Haas <rhaas@postgresql.org>
2022-08-22 [ce6b672e4] Make role grant system more consistent with other
privil
-->
<listitem>
<para>
Allow <link linkend="sql-grant"><literal>GRANT group_name TO
user_name</literal></link> to be performed with <literal>ADMIN
OPTION</literal> (Robert Haas)
</para>
<para>
Previously <literal>CREATEROLE</literal> permission was required.
</para>
</listitem>
