Home > mailing lists

Re: replacing role-level NOINHERIT with a grant-level option - Mailing list pgsql-hackers

From	Robert Haas
Subject	Re: replacing role-level NOINHERIT with a grant-level option
Date	July 1, 2022 14:48:34
Msg-id	CA+TgmoZRO3tO_w+ROHW6Xe1fmQfzVyPuZ5OtbYX40w3YBQkMwA@mail.gmail.com Whole thread Raw
In response to	Re: replacing role-level NOINHERIT with a grant-level option (Joe Conway <mail@joeconway.com>)
Responses	Re: replacing role-level NOINHERIT with a grant-level option
List	pgsql-hackers

Tree view

On Fri, Jul 1, 2022 at 6:17 AM Joe Conway <mail@joeconway.com> wrote:
> Would this allow for an explicit REVOKE to override a default INHERIT
> along a specific path?

Can you give an example?

If you mean that A is granted to B which is granted to C which is
granted to D and you now want NOINHERIT behavior for the B->C link in
the chain, this would allow that. You could modify the existing grant
by saying either "REVOKE INHERIT OPTION FOR B FROM C" or "GRANT B TO C
WITH INHERIT FALSE".

-- 
Robert Haas
EDB: http://www.enterprisedb.com

pgsql-hackers by date:

From: Alexander Korotkov
Date: 01 July 2022, 14:18:37
Subject: POC: Lock updated tuples in tuple_update() and tuple_delete()

From: Nikita Malakhov
Date: 01 July 2022, 15:14:50
Subject: Re: Pluggable toaster

Re: replacing role-level NOINHERIT with a grant-level option - Mailing list pgsql-hackers

Previous

Next