Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1soOyb-00Azcl-U2 for pgsql-general@arkaria.postgresql.org; Wed, 11 Sep 2024 15:09:51 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.94.2) (envelope-from ) id 1soOyb-002FfR-JG for pgsql-general@arkaria.postgresql.org; Wed, 11 Sep 2024 15:09:49 +0000 Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1soOya-002FcQ-1I for pgsql-general@lists.postgresql.org; Wed, 11 Sep 2024 15:09:49 +0000 Received: from fhigh2-smtp.messagingengine.com ([103.168.172.153]) by magus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1soOyV-000fDD-C5 for pgsql-general@lists.postgresql.org; Wed, 11 Sep 2024 15:09:47 +0000 Received: from phl-compute-10.internal (phl-compute-10.phl.internal [10.202.2.50]) by mailfhigh.phl.internal (Postfix) with ESMTP id 1B5571140212; Wed, 11 Sep 2024 11:09:42 -0400 (EDT) Received: from phl-mailfrontend-02 ([10.202.2.163]) by phl-compute-10.internal (MEProxy); Wed, 11 Sep 2024 11:09:42 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=aklaver.com; h= cc:content-transfer-encoding:content-type:content-type:date:date :from:from:in-reply-to:in-reply-to:message-id:mime-version :references:reply-to:subject:subject:to:to; s=fm3; t=1726067382; x=1726153782; bh=RZS5YYN7g4njGAkYppmIvWU1IjTcU2UhAKq4EyjByt0=; b= Nbu96dSY36zL3KoJFFkCN+QkrTkJaB1XZtThtijbS5lPNpZX/rm/tXzAdwLnsGHI WpjqeJeedzDFL0g9M0+0M5pWIXuRbZlpFDOMNFi0KBshAS695bjj5u9tItf530ga 5tnFty927+mGIvzECdVc+q4Rb+4sCu4aj+OueGA9VJ0nt5eEID7gQHEoOOZ3vlSF bUA0r7AJHIAsQtIvOgwmNUrxQdL8jE3zCX0fHXoB/NEMWBeq0W4s4AjoswhcBGHp j320/vhVv01RqYdvtuRspgG5IT8q4rSrpxcw/6TQZMgC+FG/snJWHUMdpaUQ4pTg zoFEjp7OiQuDRVKs4gzqjg== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:content-type :content-type:date:date:feedback-id:feedback-id:from:from :in-reply-to:in-reply-to:message-id:mime-version:references :reply-to:subject:subject:to:to:x-me-proxy:x-me-proxy :x-me-sender:x-me-sender:x-sasl-enc; s=fm1; t=1726067382; x= 1726153782; bh=RZS5YYN7g4njGAkYppmIvWU1IjTcU2UhAKq4EyjByt0=; b=R 1qLOxUoH49vHx+3R6aHyMrK5v4yjEYzt3tp64FDHBFWHkXWsk+C3Kd6HjXXzQisQ wiYvx/Q09abXOXPQz1AhB+tSjqEvxtq7Rwy9dK4iRxNFvXDXSIpDRLDubKG8x7kD eGaX+xCdxZNEfktpFy2bg1spd/a/vrK4DV7L7fo3exYk2TW7jhDULvzYFVmr+0UE gZV+u6VN87HjcugLEg0CnOlFLtnVYfSOah3nKE19qerhXsHqnihmSlzWcKDOEm6D rRYH8ghkqVBODqwbX9s5EcTYHHV2N8lqipwOa4HHuUncq5b1rdrcQfUGohvPpN1c aSI7AcjqolNx+xkjeWtDQ== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeeftddrudejuddgkeefucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdggtfgfnhhsuhgsshgtrhhisggvpdfu rfetoffkrfgpnffqhgenuceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnh htshculddquddttddmnecujfgurhepkfffgggfuffvfhfhjggtgfesthejredttddvjeen ucfhrhhomheptegurhhirghnucfmlhgrvhgvrhcuoegrughrihgrnhdrkhhlrghvvghrse grkhhlrghvvghrrdgtohhmqeenucggtffrrghtthgvrhhnpeeivdfhieehheegueeileej ieettdejhedugeefleekvdelkeehtdfgiefffeekudenucevlhhushhtvghrufhiiigvpe dtnecurfgrrhgrmhepmhgrihhlfhhrohhmpegrughrihgrnhdrkhhlrghvvghrsegrkhhl rghvvghrrdgtohhmpdhnsggprhgtphhtthhopedvpdhmohguvgepshhmthhpohhuthdprh gtphhtthhopeguuggvvhhivghnnhgvsehgmhgrihhlrdgtohhmpdhrtghpthhtohepphhg shhqlhdqghgvnhgvrhgrlheslhhishhtshdrphhoshhtghhrvghsqhhlrdhorhhg X-ME-Proxy: Feedback-ID: i76984098:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA; Wed, 11 Sep 2024 11:09:41 -0400 (EDT) Message-ID: <076fe1a7-b72c-4ba1-8589-cd7ece3fd982@aklaver.com> Date: Wed, 11 Sep 2024 08:09:13 -0700 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: Backward compat issue with v16 around ROLEs To: Dominique Devienne , pgsql-general@lists.postgresql.org References: Content-Language: en-US From: Adrian Klaver In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk On 9/11/24 07:41, Dominique Devienne wrote: > Hi. I'm going around in circles trying to solve an issue with our > on v16: > > D:\pdgm\trunk\psc2>psql service=pau16 > psql (17beta3, server 16.1) > Type "help" for help. > > ddevienne=> create role dd_owner createrole; > CREATE ROLE > ddevienne=> create role dd_admin noinherit; > CREATE ROLE > ddevienne=> grant dd_owner to dd_admin; > GRANT ROLE > ddevienne=> set role dd_owner; > ERROR: permission denied to set role "dd_owner" > ddevienne=> grant dd_owner to current_user; > GRANT ROLE > ddevienne=> set role dd_owner; > SET > ddevienne=> create role dd_user; > CREATE ROLE > ddevienne=> grant dd_admin to dd_user; > ERROR: permission denied to grant role "dd_admin" > DETAIL: Only roles with the ADMIN option on role "dd_admin" may grant > this role. > ddevienne=> > > What user did you do the above as? On my Postgres 16.4 instance logged in as postgres: test=# create role dd_owner createrole; CREATE ROLE test=# create role dd_admin noinherit; CREATE ROLE test=# grant dd_owner to dd_admin; GRANT ROLE test=# set role dd_owner; SET test=> grant dd_owner to current_user; ERROR: permission denied to grant role "dd_owner" DETAIL: Only roles with the ADMIN option on role "dd_owner" may grant this role. test=> create role dd_user; CREATE ROLE test=> grant dd_admin to dd_user; ERROR: permission denied to grant role "dd_admin" DETAIL: Only roles with the ADMIN option on role "dd_admin" may grant this role. -- Adrian Klaver adrian.klaver@aklaver.com