Re: Changed functionality from 14.3 to 15.3 - Mailing list pgsql-general

From Michael Corey
Subject Re: Changed functionality from 14.3 to 15.3
Date
Msg-id CAABu8T_aqsd5R8Ej35K8Wmi6Nm7YOxDdHAELT7cPp32OOnbC8g@mail.gmail.com
Whole thread Raw
In response to Re: Changed functionality from 14.3 to 15.3  (Erik Wienhold <ewie@ewie.name>)
List pgsql-general
I created a clean 14.3 server with everything default on server creation.  Ran the setup script did the test and again I was able to query the data successfully.  I then decided to create a clean 15.3 server with everything default.  Ran the setup script did the test and was not able to query the data.

Interestingly enough I contacted AWS and presented the same issue to them and they informed me that they could duplicate my exact issue, and said yes there was a functionality change from 14 to 15, but they did not say if the change was something they did with their RDS Postgres or was it something changed in the underlying Postgres build.



On Wed, Sep 20, 2023 at 7:11 PM Erik Wienhold <ewie@ewie.name> wrote:
On 2023-09-20 17:53 -0400, Michael Corey wrote:
> To make matters even more strange.  I checked the permissions of
> rds_superuser in 15 and 14
>
> For 14
> GRANT pg_monitor, pg_signal_backend, rds_password, rds_replication TO
> rds_superuser WITH ADMIN OPTION;
>
> For 15
> GRANT pg_checkpoint, pg_monitor, *pg_read_all_data*, pg_signal_backend,
> *pg_write_all_data*, rds_password, rds_replication TO rds_superuser WITH
> ADMIN OPTION;
>
> AWS added these permissions, but based on what they do you would think this
> would allow the SELECTs in 15.

Yes it would if sten_schema would inherit from rds_superuser.  But it
cannot inherit privileges from rds_superuser (indrect membership through
object_creator) because object_creator was created with NOINHERIT.  And
INHERIT applies to direct memberships only.

--
Erik


--
Michael Corey

pgsql-general by date:

Previous
From: Dominique Devienne
Date:
Subject: Re: How to fork pg_dump or psql w/o leaking secrets?
Next
From: Chris Kelly
Date:
Subject: Ubuntu 18 + PHP 8.2 + PDO: can't find drivers