Re: replacing role-level NOINHERIT with a grant-level option - Mailing list pgsql-hackers

From Robert Haas
Subject Re: replacing role-level NOINHERIT with a grant-level option
Date
Msg-id CA+Tgmob6pVopLZ+NJuy_AxDS0uvgHhjjEBYQTBZXek-vM9dmGw@mail.gmail.com
Whole thread Raw
In response to Re: replacing role-level NOINHERIT with a grant-level option  (tushar <tushar.ahuja@enterprisedb.com>)
Responses Re: replacing role-level NOINHERIT with a grant-level option
List pgsql-hackers
On Thu, Jul 28, 2022 at 10:16 AM tushar <tushar.ahuja@enterprisedb.com> wrote:
> On 7/19/22 12:56 AM, Robert Haas wrote:
> > Another good catch. Here is v5 with a fix for that problem.
> Here is one scenario in which I have NOT granted (inherit false)
> explicitly but still revoke
> command is changing the current state
>
> postgres=# create group foo;
> CREATE ROLE
> postgres=# create user bar in group foo;
> CREATE ROLE
> postgres=# revoke inherit option for foo from bar;
> REVOKE ROLE
>
> [edb@centos7tushar bin]$ ./pg_dumpall > /tmp/a11
>
> [edb@centos7tushar bin]$ cat /tmp/a11 |grep 'inherit false' -i
> GRANT foo TO bar WITH INHERIT FALSE GRANTED BY edb;
>
> I think this revoke command should be ignored and inherit option should
> remain 'TRUE'
> as it was before?

No, it seems to me that's behaving as intended. REVOKE BLAH OPTION ...
is intended to be a way of switching an option off.

-- 
Robert Haas
EDB: http://www.enterprisedb.com



pgsql-hackers by date:

Previous
From: Robert Haas
Date:
Subject: Re: making relfilenodes 56 bits
Next
From: Andrew Dunstan
Date:
Subject: Re: How come drongo didn't fail authentication here?