From: Tom Lane
To: Robert Haas
Cc: "David G. Johnston", Pavel Luzanov, Christophe Pettus, pgsql-general
Subject: Re: v16 roles, SET FALSE, INHERIT FALSE, ADMIN FALSE
Date: Mon, 08 Jul 2024 18:08:50 -0400
Message-ID: <1221566.1720476530@sss.pgh.pa.us>

"David G. Johnston" writes:
> On Mon, Jul 8, 2024 at 2:16 PM Tom Lane wrote:
>> Pavel Luzanov writes:
>>> On 08.07.2024 22:22, Christophe Pettus wrote:
>>>> This is more curiosity than anything else. In the v16 role system, is
>>>> there actually any reason to grant membership in a role to a different
>>>> role, but with SET FALSE, INHERIT FALSE, and ADMIN FALSE? Does the role
>>>> granted membership gain any ability it didn't have before in that case?

>>> Looks like there is one ability.
>>> Authentication in pg_hba.conf "USER" field via +role syntax.

>> Hmm, if that check doesn't require INHERIT TRUE I'd say it's
>> a bug.

> The code doesn't support that claim.

That doesn't make it not a bug. Robert, what do you think?
If this is correct behavior, why is it correct?

regards, tom lane
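An added example, not part of the original message or of PostgreSQL's own code: the kind of grant the thread discusses, followed by an audit query that finds memberships which carry none of the three options yet, per the behavior reported in the thread, would still match a `+role` entry in pg_hba.conf. The role names, the sample pg_hba.conf rule and the address range are constructed for illustration; the query assumes PostgreSQL 16 catalogs and a role allowed to read `pg_hba_file_rules`.

```sql
-- Constructed roles; the names are assumptions for illustration only.
CREATE ROLE hba_group NOLOGIN;
CREATE ROLE app_user LOGIN;

-- v16 grant with every membership option switched off.
GRANT hba_group TO app_user WITH INHERIT FALSE, SET FALSE, ADMIN FALSE;

-- A pg_hba.conf rule of the kind under discussion (constructed):
--   host  all  +hba_group  10.0.0.0/8  scram-sha-256

-- Audit: for each rule in the current pg_hba.conf that names a +group,
-- list direct members whose membership has no INHERIT, SET or ADMIN option.
-- Indirect (nested) memberships are not followed by this query.
WITH hba_groups AS (
    SELECT r.line_number,
           r.auth_method,
           substr(u.name, 2) AS group_name   -- strip the leading '+'
    FROM pg_hba_file_rules AS r
    CROSS JOIN LATERAL unnest(r.user_name) AS u(name)
    WHERE u.name LIKE '+%'
)
SELECT h.line_number,
       h.auth_method,
       h.group_name,
       m.rolname  AS member,
       gr.rolname AS grantor
FROM hba_groups AS h
JOIN pg_roles        AS g  ON g.rolname = h.group_name
JOIN pg_auth_members AS am ON am.roleid = g.oid
JOIN pg_roles        AS m  ON m.oid = am.member
JOIN pg_roles        AS gr ON gr.oid = am.grantor
WHERE NOT am.admin_option
  AND NOT am.inherit_option
  AND NOT am.set_option
ORDER BY h.line_number, member;
```

Each row returned is a role whose only visible use of the membership is matching that pg_hba.conf line, which makes it worth reviewing whether the grant is intentional.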