Home > mailing lists

Re: Orphaned users in PG16 and above can only be managed by Superusers - Mailing list pgsql-hackers

From	Robert Haas
Subject	Re: Orphaned users in PG16 and above can only be managed by Superusers
Date	March 5 23:40:18
Msg-id	CA+TgmoaR8zD_w24m9ETSSkEvFyWBSaKi2+AWCxa8w6Z03pop4g@mail.gmail.com Whole thread Raw
In response to	Re: Orphaned users in PG16 and above can only be managed by Superusers (Nathan Bossart <nathandbossart@gmail.com>)
Responses	Re: Orphaned users in PG16 and above can only be managed by Superusers
List	pgsql-hackers

Tree view

On Wed, Mar 5, 2025 at 3:13 PM Nathan Bossart <nathandbossart@gmail.com> wrote:
> * The patch alleges to only block DROP ROLE commands when there exists
>   _both_ admins of the target role and roles for which the target role is
>   an admin.  However, it's not clear to me why both need to be true.  I
>   might be able to glean the reason if I read this thread carefully or
>   spend more time thinking about it, but IMHO that patch itself should make
>   it obvious.  I'd suggest expanding the comment atop
>   check_drop_role_dependency().

The error message needs work, too. Nobody is ever going to guess what
the rule is from that error message.

> * Does this introduce any race conditions?  For example, is it possible for
>   the new check to pass and then for a dependency to be added before the
>   drop completes?

This is a serious concern for me as well.

--
Robert Haas
EDB: http://www.enterprisedb.com

pgsql-hackers by date:

From: Nathan Bossart
Date: 05 March, 23:33:42
Subject: Re: Update Unicode data to Unicode 16.0.0

From: Greg Sabino Mullane
Date: 05 March, 23:40:52
Subject: Re: optimize file transfer in pg_upgrade

Re: Orphaned users in PG16 and above can only be managed by Superusers - Mailing list pgsql-hackers

Previous

Next