Home > mailing lists

Re: role self-revocation - Mailing list pgsql-hackers

From	Mark Dilger
Subject	Re: role self-revocation
Date	March 7, 2022 23:03:55
Msg-id	F9EB1DD2-5739-4954-AC16-372E289A55DD@enterprisedb.com Whole thread Raw
In response to	Re: role self-revocation (Robert Haas <robertmhaas@gmail.com>)
Responses	Re: role self-revocation (Mark Dilger <mark.dilger@enterprisedb.com>) Re: role self-revocation (Tom Lane <tgl@sss.pgh.pa.us>)
List	pgsql-hackers

Tree view

> On Mar 7, 2022, at 12:01 PM, Robert Haas <robertmhaas@gmail.com> wrote:
>
> It's been pointed out upthread that this would have undesirable
> security implications, because the admin option would be inherited,
> and the implicit permission isn't.

Right, but with a reflexive self-admin-option, we could document that it works in a non-inherited way.  We'd just be
sayingthe current hard-coded behavior is an option which can be revoked rather than something you're stuck with. 

—
Mark Dilger
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company

pgsql-hackers by date:

From: Robert Haas
Date: 07 March 2022, 23:01:37
Subject: Re: role self-revocation

From: Álvaro Herrera
Date: 07 March 2022, 23:04:01
Subject: Re: support for MERGE

Re: role self-revocation - Mailing list pgsql-hackers

Previous

Next