Home > mailing lists

Re: Q: GRANT ... WITH ADMIN on PG 17 - Mailing list pgsql-general

From	David G. Johnston
Subject	Re: Q: GRANT ... WITH ADMIN on PG 17
Date	August 21 19:11:57
Msg-id	CAKFQuwbYv_dcJQ8AWmQWka1MhDvQLCxjcoquf4XjEBuZ9zEm5w@mail.gmail.com Whole thread Raw
In response to	Re: Q: GRANT ... WITH ADMIN on PG 17 (Karsten Hilbert <Karsten.Hilbert@gmx.net>)
Responses	Re: Q: GRANT ... WITH ADMIN on PG 17
List	pgsql-general

Tree view

On Thursday, August 21, 2025, Karsten Hilbert <Karsten.Hilbert@gmx.net> wrote:

Am Thu, Aug 21, 2025 at 08:46:00AM -0700 schrieb Adrian Klaver:

> >PG 17 documentation says that using "WITH ADMIN" allows the
> >role being added to another group role to grant/revoke
> >membership in said group to other roles.
>
> I would start by reading this:
>
> https://rhaas.blogspot.com/2023/01/surviving-without-superuser-coming-to.html

Thanks, I did, but did not find the answer to: Is there a
way for a role that can manage membership in a group role to
not itself be a member of that group role ?

A superuser can do this. Otherwise, no. In order to be made admin of a role on must be a member of said role - i.e., “with admin” is only part of the “grant” command. You won’t find docs talking about alternatives because they don’t exist.

David J.

pgsql-general by date:

From: Karsten Hilbert
Date: 21 August, 18:59:58
Subject: Re: Q: GRANT ... WITH ADMIN on PG 17

From: Karsten Hilbert
Date: 21 August, 19:17:28
Subject: Re: Q: GRANT ... WITH ADMIN on PG 17

Re: Q: GRANT ... WITH ADMIN on PG 17 - Mailing list pgsql-general

Previous

Next