public inbox for [email protected]
help / color / mirror / Atom feedFrom: Tom Lane <[email protected]>
To: Robert Haas <[email protected]>
Cc: Laurenz Albe <[email protected]>
Cc: Dominique Devienne <[email protected]>
Cc: [email protected]
Subject: Re: Why no pg_has_role(..., 'ADMIN')?
Date: Fri, 20 Sep 2024 14:34:27 -0400
Message-ID: <[email protected]> (raw)
In-Reply-To: <[email protected]>
References: <CAFCRh-8JNEy+dV4SXFOrWca50u+d=--TO4cq=+ac1oBtfJy4AA@mail.gmail.com>
<[email protected]>
<CA+TgmobvCGAHPZxX1rNgUb1cGcmD5e8ESGVSL=OyVqDYCAV3EQ@mail.gmail.com>
<[email protected]>
I wrote:
> Robert Haas <[email protected]> writes:
>> I think this already exists. The full list of modes supported by
>> pg_has_role() is listed in convert_role_priv_string(). You can do
>> something like pg_has_role('alice', 'USAGE WITH ADMIN OPTION'). This
>> is not new: it worked in older releases too, but AFAIK it's never been
>> mentioned in the documentation.
> Surely that's a bad documentation omission.
Actually, it's not true that it's entirely undocumented, because the
text above the table that describes pg_has_role mentions
Optionally, WITH GRANT OPTION can be added to a privilege type to
test whether the privilege is held with grant option.
But I concur that it's not immediately obvious that that applies
to role membership, since we don't use the "grant option" terminology
for roles.
I'm now inclined to add wording within the pg_has_role entry, along
the lines of
WITH ADMIN OPTION or WITH GRANT OPTION can be added to any of
these privilege types to test whether ADMIN privilege is held
(all six spellings test the same thing).
regards, tom lane
view thread (8+ messages) latest in thread
reply
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Reply to all the recipients using the --to and --cc options:
reply via email
To: [email protected]
Cc: [email protected], [email protected], [email protected], [email protected]
Subject: Re: Why no pg_has_role(..., 'ADMIN')?
In-Reply-To: <[email protected]>
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox