Home > mailing lists

Why is_admin_of_role() use ROLERECURSE_MEMBERS rather than ROLERECURSE_PRIVS? - Mailing list pgsql-hackers

From	cca5507
Subject	Why is_admin_of_role() use ROLERECURSE_MEMBERS rather than ROLERECURSE_PRIVS?
Date	November 18 11:41:45
Msg-id	tencent_ADCE2B34B230A9B631854806104FEF40C105@qq.com Whole thread Raw
List	pgsql-hackers

Hi,

When reading the code, I find is_admin_of_role() use ROLERECURSE_MEMBERS while select_best_admin() use ROLERECURSE_PRIVS.

Why they are dismatch?

The following case will have is_admin_of_role() return true and select_best_admin() return InvalidOid:

create user u1;

create user u2;

create user u3;

create user u4;

grant u2 to u1 with admin true ;

grant u3 to u2 with admin true ;

revoke inherit option for u2 from u1 ;

set session authorization u1;

grant u3 to u4;

The "grant u3 to u4;" will report error "no possible grantors" rather than "permission denied to grant role".

Is this the expected behavior?

Regards,

ChangAo Chen

From: Chao Li
Date: 18 November, 11:26:32
Subject: Re: CREATE/ALTER PUBLICATION improvements for syntax synopsis

From: Peter Eisentraut
Date: 18 November, 11:50:37
Subject: GUC thread-safety approaches