Home > mailing lists

Re: Backward compat issue with v16 around ROLEs - Mailing list pgsql-general

From	Pavel Luzanov
Subject	Re: Backward compat issue with v16 around ROLEs
Date	September 12 02:20:05
Msg-id	4308abb3-269e-4cee-a48f-c95d49ede6c2@postgrespro.ru Whole thread Raw
In response to	Re: Backward compat issue with v16 around ROLEs ("David G. Johnston" <david.g.johnston@gmail.com>)
Responses	Re: Backward compat issue with v16 around ROLEs
List	pgsql-general

Tree view

On 11.09.2024 22:21, David G. Johnston wrote:

> ddevienne=> grant dd_owner to dd_admin with admin option; -- <<<<<<<<

I think this needs to be the other way around:

grant dd_admin to dd_owner with admin option;

Best,

Wolfgang

Probably, intend to get those reversed and wasn't in a position to experiment. In any case fixing the with admin error is the correct approach.

Unfortunately, it won't work.
Dominique is right. This will lead to circularities.
After this grant:

grant dd_owner to dd_admin;

reverse grant is not possible.
I think this is a migration issue for v16 and it is not mentioned in release notes.

I didn't quite understand the exact purpose of the roles dd_owner and dd_admin. 
But a possible way is to use dd_admin to create roles.
For example:

create role dd_admin login createrole;
\c - dd_admin
create role dd_owner noinherit;

create role dd_user login;
grant dd_owner to dd_user;

\c - dd_user
set role dd_owner;

-- 
Pavel Luzanov
Postgres Professional: https://postgrespro.com

pgsql-general by date:

From: "David G. Johnston"
Date: 12 September, 01:21:56
Subject: Re: Backward compat issue with v16 around ROLEs

From: Thomas Munro
Date: 12 September, 03:36:50
Subject: Re: Error:could not extend file " with FileFallocate(): No space left on device

Re: Backward compat issue with v16 around ROLEs - Mailing list pgsql-general

Previous

Next