Home > mailing lists

Re: has_privs_of_role vs. is_member_of_role, redux - Mailing list pgsql-hackers

From	Robert Haas
Subject	Re: has_privs_of_role vs. is_member_of_role, redux
Date	September 27, 2022 14:55:14
Msg-id	CA+TgmoZcg+H62FyrsY9bBR3aQKbq6tmM4YKJsKR8HFJGzrcBAA@mail.gmail.com Whole thread Raw
In response to	Re: has_privs_of_role vs. is_member_of_role, redux (Wolfgang Walther <walther@technowledgy.de>)
List	pgsql-hackers

Tree view

On Tue, Sep 27, 2022 at 2:05 AM Wolfgang Walther
<walther@technowledgy.de> wrote:
> I'm just saying WITH SET FALSE should take away more of the things you
> can do (all the ownership things) to a point where it's safe to GRANT ..
> WITH INHERIT TRUE, SET FALSE and still be useful for pre-defined or
> privilege-container roles.

I don't see that as viable, either. It's too murky what you'd have to
take away to make it safe, and it sounds like stuff that naturally
falls under INHERIT rather than SET.

-- 
Robert Haas
EDB: http://www.enterprisedb.com

pgsql-hackers by date:

From: Aleksander Alekseev
Date: 27 September 2022, 14:33:50
Subject: Re: Add common function ReplicationOriginName.

From: Bharath Rupireddy
Date: 27 September 2022, 15:03:33
Subject: Re: Use pg_pwritev_with_retry() instead of write() in dir_open_for_write() to avoid partial writes?

Re: has_privs_of_role vs. is_member_of_role, redux - Mailing list pgsql-hackers

Previous

Next