Re: DROP OWNED BY fails to clean out pg_init_privs grants - Mailing list pgsql-hackers

From David G. Johnston
Subject Re: DROP OWNED BY fails to clean out pg_init_privs grants
Date
Msg-id CAKFQuwYyhx01CMxmtupuMGiRwQbWTsDrDc2S88W4woaW3P=NyQ@mail.gmail.com
Whole thread Raw
In response to Re: DROP OWNED BY fails to clean out pg_init_privs grants  (Tom Lane <tgl@sss.pgh.pa.us>)
Responses Re: DROP OWNED BY fails to clean out pg_init_privs grants
List pgsql-hackers
On Monday, April 29, 2024, Tom Lane <tgl@sss.pgh.pa.us> wrote:
"David G. Johnston" <david.g.johnston@gmail.com> writes:
> My solution to this was to rely on the fact that the bootstrap superuser is
> assigned OID 10 regardless of its name.

Yeah, I wrote it that way to start with too, but reconsidered
because

(1) I don't like hard-coding numeric OIDs.  We can avoid that in C
code but it's harder to do in SQL.

If the tests don’t involve, e.g., the predefined role pg_monitor and its grantor of the memberships in the other predefined roles, this indeed can be avoided.  So I think my test still needs to check for 10 even if some other superuser is allowed to produce the test output since a key output in my case was the bootstrap superuser and the initdb roles.


(2) It's not clear to me that this test couldn't be run by a
non-bootstrap superuser.  I think "current_user" is actually
the correct thing for the role executing the test.

Agreed, testing against current_role is correct if the things being queried were created while executing the test.  I would need to do this as well to remove the current requirement that my tests be run by the bootstrap superuser.

David J.

pgsql-hackers by date:

Previous
From: Richard Guo
Date:
Subject: Re: [PATCH] Fix bug when calling strncmp in check_authmethod_valid
Next
From: Alexander Lakhin
Date:
Subject: Re: Removing unneeded self joins