On Mon, 27 Jan 2025 at 13:49, Alexander Kukushkin <cyberdemn@gmail.com> wrote:
>
> Hi,
>
> Here is a self-contained example with 17.2, however I assume that 16 and master will exhibit similar behaviour.
>
> postgres=# create user a with createrole;
> CREATE ROLE
> postgres=# create user b with createrole;
> CREATE ROLE
> postgres=# set role a;
> SET
> postgres=> create user aa;
> CREATE ROLE
> postgres=> set role b;
> SET
> postgres=> create user bb;
> CREATE ROLE
> postgres=> grant bb to aa;
> GRANT ROLE
> postgres=> \drg
> List of role grants
> Role name | Member of | Options | Grantor
> -----------+-----------+--------------+----------
> a | aa | ADMIN | postgres
> aa | bb | INHERIT, SET | b
> b | bb | ADMIN | postgres
> (3 rows)
>
> postgres=> reset role;
> RESET
> postgres=# revoke bb from aa;
> WARNING: role "aa" has not been granted membership in role "bb" by role "postgres"
> REVOKE ROLE
> postgres=# \drg
> List of role grants
> Role name | Member of | Options | Grantor
> -----------+-----------+--------------+----------
> a | aa | ADMIN | postgres
> aa | bb | INHERIT, SET | b
> b | bb | ADMIN | postgres
> (3 rows)
>
> IMO, superusers should be able to revoke privileges it didn't grant.
>
> Regards,
> --
> Alexander Kukushkin
Reproduced this at cf5eb37 (and not on its parent f026c16)
There was some huge refactoring around user.c and particularly
`check_role_grantor` function. I'm trying to comprehend.
--
Best regards,
Kirill Reshke
