Jeff Davis wrote:
> CREATE ROLE test_role
> NOSUPERUSER INHERIT NOCREATEDB NOCREATEROLE;
>
> CREATE ROLE invalid_grantor
> SUPERUSER INHERIT NOCREATEDB NOCREATEROLE;
>
> SET ROLE invalid_grantor;
> GRANT "postgres" TO "test_role";
> SET ROLE postgres;
>
> select * from pg_roles;
>
> select pg_auth_members.*, ur.rolname, gr.rolname from pg_auth_members LEFT JOIN pg_roles ur ON roleid = oid
> LEFT JOIN pg_roles gr ON gr.oid = grantor;
>
> DROP ROLE invalid_grantor;
>
> select pg_auth_members.*, ur.rolname, gr.rolname from pg_auth_members LEFT JOIN pg_roles ur ON roleid = oid
> LEFT JOIN pg_roles gr ON gr.oid = grantor;
>
> DROP ROLE test_role;
The problem here is that we allowed the drop of invalid_grantor. We are
missing a shared dependency on it.
--
Alvaro Herrera http://www.CommandPrompt.com/
The PostgreSQL Company - Command Prompt, Inc.