Received: from malur.postgresql.org ([217.196.149.56])
	by arkaria.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.94.2)
	(envelope-from <pgsql-general-owner+archive@lists.postgresql.org>)
	id 1sQvTm-00CMfN-Pv
	for pgsql-general@arkaria.postgresql.org; Mon, 08 Jul 2024 21:00:59 +0000
Received: from localhost ([127.0.0.1] helo=malur.postgresql.org)
	by malur.postgresql.org with esmtp (Exim 4.94.2)
	(envelope-from <pgsql-general-owner+archive@lists.postgresql.org>)
	id 1sQvTl-009MX9-Bj
	for pgsql-general@arkaria.postgresql.org; Mon, 08 Jul 2024 21:00:57 +0000
Received: from makus.postgresql.org ([2001:4800:3e1:1::229])
	by malur.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.94.2)
	(envelope-from <p.luzanov@postgrespro.ru>)
	id 1sQvTk-009MX0-SY
	for pgsql-general@lists.postgresql.org; Mon, 08 Jul 2024 21:00:57 +0000
Received: from mail.postgrespro.ru ([93.174.131.139])
	by makus.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.94.2)
	(envelope-from <p.luzanov@postgrespro.ru>)
	id 1sQvTg-0015rx-79
	for pgsql-general@postgresql.org; Mon, 08 Jul 2024 21:00:55 +0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=postgrespro.ru;
	s=mx2023; t=1720472436;
	bh=34BJAc8npXZkRguAPp88cmJyMOLNV1v0Pd1E/Q/wJjI=;
	h=Message-ID:Date:User-Agent:Subject:To:References:From:In-Reply-To:
	 From;
	b=rIZ7EOaw9jDP4Z8hnBl3yEYj2VzoLOeHQpK7RND7Ts+tyBtS+5m8H/N0A89pHY25U
	 SHjVwPFfUJY74pbqujRgzGTaTCK1+zFNUy57WJhFtGxDeQbIW6LwpCVl1XbalzyZjx
	 hEv1yfIuKLb+hFHXK+YJrad1xVlRuL+a//WoGRXRZOPfkCTK6ZyN6e7UKM3jtVRMAF
	 zXtB/wjc9zRkBWSyRr2ZpW//7SsyHfXKvX9P5DO8gd/09lC9RyDsX9NpMnt5nGh5Ob
	 5b8FnpdNVGyc4bcZDnmGGWq9RpAHM5sa+R6ZH0e0s1IXtqusgKlIfKLEXp4A2GYGlX
	 ZeNO6lFnnTJqw==
Received: from [192.168.0.104] (unknown [62.217.185.30])
	(using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)
	 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256)
	(Client did not present a certificate)
	(Authenticated sender: p.luzanov@postgrespro.ru)
	by mail.postgrespro.ru (Postfix/587) with ESMTPSA id 25E505FE73;
	Tue,  9 Jul 2024 00:00:36 +0300 (MSK)
Content-Type: multipart/alternative;
 boundary="------------yIoz00diwA3geLC2AbEukyQJ"
Message-ID: <2e3e4ddb-52b5-49b2-b363-00e3f12a83a0@postgrespro.ru>
Date: Tue, 9 Jul 2024 00:00:35 +0300
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Subject: Re: v16 roles, SET FALSE, INHERIT FALSE, ADMIN FALSE
To: Christophe Pettus <xof@thebuild.com>,
 pgsql-general <pgsql-general@postgresql.org>
References: <69A2A7BD-F8CA-4067-B229-B5F9FC6A884F@thebuild.com>
Content-Language: en-US, ru-RU
From: Pavel Luzanov <p.luzanov@postgrespro.ru>
In-Reply-To: <69A2A7BD-F8CA-4067-B229-B5F9FC6A884F@thebuild.com>
X-KSMG-AntiPhishing: NotDetected, bases: 2024/07/08 20:46:00
X-KSMG-AntiSpam-Interceptor-Info: not scanned
X-KSMG-AntiSpam-Status: not scanned, disabled by settings
X-KSMG-AntiVirus: Kaspersky Secure Mail Gateway, version 2.1.0.7854, bases: 2024/07/08 19:07:00 #25919740
X-KSMG-AntiVirus-Status: NotDetected, skipped
X-KSMG-LinksScanning: not scanned, disabled by settings
X-KSMG-Message-Action: skipped
X-KSMG-Rule-ID: 1
List-Id: <pgsql-general.lists.postgresql.org>
List-Help: <https://lists.postgresql.org/manage/>
List-Subscribe: <https://lists.postgresql.org/manage/>
List-Post: <mailto:pgsql-general@lists.postgresql.org>
List-Owner: <mailto:pgsql-general-owner@lists.postgresql.org>
List-Archive: <https://www.postgresql.org/list/pgsql-general>
Archived-At: <https://www.postgresql.org/message-id/2e3e4ddb-52b5-49b2-b363-00e3f12a83a0%40postgrespro.ru>
Precedence: bulk

This is a multi-part message in MIME format.
--------------yIoz00diwA3geLC2AbEukyQJ
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit

On 08.07.2024 22:22, Christophe Pettus wrote:
> This is more curiosity than anything else.  In the v16 role system, is there actually any reason to grant membership in a role to a different role, but with SET FALSE, INHERIT FALSE, and ADMIN FALSE?  Does the role granted membership gain any ability it didn't have before in that case?

Looks like there is one ability.
Authentication in pg_hba.conf "USER" field via +role syntax.

-- 
Pavel Luzanov
Postgres Professional:https://postgrespro.com

--------------yIoz00diwA3geLC2AbEukyQJ
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: 7bit

<!DOCTYPE html>
<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
  </head>
  <body>
    On 08.07.2024 22:22, Christophe Pettus wrote:<span
    style="white-space: pre-wrap">
</span><span style="white-space: pre-wrap">
</span>
    <blockquote type="cite"
      cite="mid:69A2A7BD-F8CA-4067-B229-B5F9FC6A884F@thebuild.com">
      <pre class="moz-quote-pre" wrap="">This is more curiosity than anything else.  In the v16 role system, is there actually any reason to grant membership in a role to a different role, but with SET FALSE, INHERIT FALSE, and ADMIN FALSE?  Does the role granted membership gain any ability it didn't have before in that case?
</pre>
    </blockquote>
    <br>
    Looks like there is one ability.<br>
    Authentication in pg_hba.conf "USER" field via +role syntax.<br>
    <br>
    <pre class="moz-signature" cols="72">-- 
Pavel Luzanov
Postgres Professional: <a class="moz-txt-link-freetext" href="https://postgrespro.com">https://postgrespro.com</a></pre>
  </body>
</html>

--------------yIoz00diwA3geLC2AbEukyQJ--