Home > mailing lists

Re: CREATEROLE users vs. role properties - Mailing list pgsql-hackers

From	tushar
Subject	Re: CREATEROLE users vs. role properties
Date	January 19, 2023 12:35:01
Msg-id	482146ee-e73e-5378-6595-b06e044acc43@enterprisedb.com Whole thread Raw
In response to	Re: CREATEROLE users vs. role properties (Nathan Bossart <nathandbossart@gmail.com>)
Responses	Re: CREATEROLE users vs. role properties
List	pgsql-hackers

Tree view

On 1/19/23 4:47 AM, Nathan Bossart wrote:
> This seems like a clear improvement to me.  However, as the attribute
> system becomes more sophisticated, I think we ought to improve the error
> messages in user.c.  IMHO messages like "permission denied" could be
> greatly improved with some added context.
I observed this behavior where the role is having creatrole but still 
it's unable to pass it to another user.

postgres=# create role abc1 login createrole;
CREATE ROLE
postgres=# create user test1;
CREATE ROLE
postgres=# \c - abc1
You are now connected to database "postgres" as user "abc1".
postgres=> alter role test1 with createrole ;
ERROR:  permission denied
postgres=>

which was working previously without patch.

Is this an expected behavior?

-- 
regards,tushar
EnterpriseDB  https://www.enterprisedb.com/
The Enterprise PostgreSQL Company

pgsql-hackers by date:

From: "2903807914@qq.com"
Date: 19 January 2023, 12:23:05
Subject: Support plpgsql multi-range in conditional control

From: "Drouvot, Bertrand"
Date: 19 January 2023, 12:43:27
Subject: Re: Minimal logical decoding on standbys

Re: CREATEROLE users vs. role properties - Mailing list pgsql-hackers

Previous

Next