Received: from malur.postgresql.org ([217.196.149.56])
	by arkaria.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.94.2)
	(envelope-from <pgsql-general-owner+archive@lists.postgresql.org>)
	id 1srgdo-003msQ-9L
	for pgsql-general@arkaria.postgresql.org; Fri, 20 Sep 2024 16:37:57 +0000
Received: from localhost ([127.0.0.1] helo=malur.postgresql.org)
	by malur.postgresql.org with esmtp (Exim 4.94.2)
	(envelope-from <pgsql-general-owner+archive@lists.postgresql.org>)
	id 1srgdm-009ggq-2o
	for pgsql-general@arkaria.postgresql.org; Fri, 20 Sep 2024 16:37:55 +0000
Received: from makus.postgresql.org ([2001:4800:3e1:1::229])
	by malur.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.94.2)
	(envelope-from <laurenz.albe@cybertec.at>)
	id 1srgdl-009ggh-JC
	for pgsql-general@lists.postgresql.org; Fri, 20 Sep 2024 16:37:54 +0000
Received: from mail-ej1-x62f.google.com ([2a00:1450:4864:20::62f])
	by makus.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
	(Exim 4.94.2)
	(envelope-from <laurenz.albe@cybertec.at>)
	id 1srgdk-000Ca9-93
	for pgsql-general@postgresql.org; Fri, 20 Sep 2024 16:37:53 +0000
Received: by mail-ej1-x62f.google.com with SMTP id a640c23a62f3a-a8ce5db8668so316675866b.1
        for <pgsql-general@postgresql.org>; Fri, 20 Sep 2024 09:37:52 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=cybertec-at.20230601.gappssmtp.com; s=20230601; t=1726850271; x=1727455071; darn=postgresql.org;
        h=mime-version:user-agent:content-transfer-encoding:references
         :in-reply-to:date:cc:to:from:subject:message-id:from:to:cc:subject
         :date:message-id:reply-to;
        bh=mL/zFEA0JG2dCe1eWK7ivYEN4XfuEDOXZpJYVNbcOCM=;
        b=t9lBP9etZEiyEX7GyZ8iYMQ4qh6LTRandv27Qia5MdDyEECbuKHBendgzvPpyK9WX2
         fC+mUFpTWcjZtHVdWmohqnTaU1c9lEzuURX9G113QSzMpv7aVDNFFs4wX7cK7mvxmnIH
         am3RC8OlYxUffjrqJMcMOfmiZssajAw2phlbxyXbZxoDj6dgvqq0wvEtkk/0kURkPYWP
         EcM7TIW6CU0bptg+7gSAsPaB4hnHzhpI3i/9TNpVN4i7pfj+nPKUOw6c4wZ78VH82494
         NzvDUKeynwGVLqPPMALq5L8T60YHzRiH902NRmBTCCT9qo3WDs+hVpBv1vXJCXKaLwlg
         z8oQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1726850271; x=1727455071;
        h=mime-version:user-agent:content-transfer-encoding:references
         :in-reply-to:date:cc:to:from:subject:message-id:x-gm-message-state
         :from:to:cc:subject:date:message-id:reply-to;
        bh=mL/zFEA0JG2dCe1eWK7ivYEN4XfuEDOXZpJYVNbcOCM=;
        b=GDKltTgnmpDESs6cCdWGndPjbyLI9hEsfyrDbMdevnOMq5NuvmmmBhRwKk3co0CeGU
         G2nEZmj+gXsajEPoEdd1p0hlAjFR/4NGdz4teodLIdkW/OMblsBaa0ydwdGwD7JeqCys
         +pxjtQBA+RyNDiP5og97CCwsPv+eEfvyUiVzcJfoxpiJK4C8aXsjOlgWmXpYGPWmFWjA
         b5AtzehvSZQTyvUCz1R7bAj1v/WsMS1OrPe1aTpIWaJSOeNjIroV2rQpFziOsPHe+2zf
         3nENR/pzDLpeaM746Z0L+QWag5ob1/gmWJBYqrFWYR8nHuzQHWkZkWdUCUmABY9Bm56m
         vmPA==
X-Forwarded-Encrypted: i=1; AJvYcCVHbi1X640NFisEGcx1+LUxKZhjouAk1s1uTlUshhHHcHMLNIug8NSFsRP8yyzNgrnsTMkf9jg41ovC5XU3@postgresql.org
X-Gm-Message-State: AOJu0YzNcf2thiN9eBaEiqB0AmGTmydbMUFiYXFbHvieo79bzhezixFm
	n6luMwnFKQZB5qIKHeK4z4x2Gz4BjjIW9jU19sfhX8z2yPmTgmo9DBf+ULW8w3E=
X-Google-Smtp-Source: AGHT+IFqFmKeQ2CvVwVY6soaZQvefeWIMmzaeEVbbbMbp8o9ZqEAXoR0FN19KzTOHRwhIKHYDYJ7GA==
X-Received: by 2002:a17:907:3d87:b0:a86:7b71:7b74 with SMTP id a640c23a62f3a-a90d58ceaadmr297472966b.55.1726850270559;
        Fri, 20 Sep 2024 09:37:50 -0700 (PDT)
Received: from dynamic-pd01.res.v6.highway.a1.net ([2001:871:260:b59a:3b05:b5a9:4ef:76b7])
        by smtp.gmail.com with ESMTPSA id a640c23a62f3a-a90612b3f6fsm869347466b.107.2024.09.20.09.37.50
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Fri, 20 Sep 2024 09:37:50 -0700 (PDT)
Message-ID: <42cf78d42a376bf05ca9f5776ad29edc30e784d5.camel@cybertec.at>
Subject: Re: Why no pg_has_role(..., 'ADMIN')?
From: Laurenz Albe <laurenz.albe@cybertec.at>
To: Dominique Devienne <ddevienne@gmail.com>, pgsql-general@postgresql.org
Cc: robertmhaas@gmail.com
Date: Fri, 20 Sep 2024 18:37:49 +0200
In-Reply-To: <CAFCRh-8JNEy+dV4SXFOrWca50u+d=--TO4cq=+ac1oBtfJy4AA@mail.gmail.com>
References: 
	<CAFCRh-8JNEy+dV4SXFOrWca50u+d=--TO4cq=+ac1oBtfJy4AA@mail.gmail.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
User-Agent: Evolution 3.52.4 (3.52.4-1.fc40) 
MIME-Version: 1.0
List-Id: <pgsql-general.lists.postgresql.org>
List-Help: <https://lists.postgresql.org/manage/>
List-Subscribe: <https://lists.postgresql.org/manage/>
List-Post: <mailto:pgsql-general@lists.postgresql.org>
List-Owner: <mailto:pgsql-general-owner@lists.postgresql.org>
List-Archive: <https://www.postgresql.org/list/pgsql-general>
Archived-At: <https://www.postgresql.org/message-id/42cf78d42a376bf05ca9f5776ad29edc30e784d5.camel%40cybertec.at>
Precedence: bulk

On Fri, 2024-09-20 at 17:26 +0200, Dominique Devienne wrote:
> To find out whether a ROLE can DROP another in v16+.
> Prior to v16, just having CREATEROLE was enough,
> so it didn't really seem necessary.
>=20
> But knowing whether DROP ROLE will work,
> w/o invalidating the current transaction,
> seems like something quite useful to know now, no?
>=20
> I can query pg_auth_members for admin_option,
> but only easily for direct membership. Taking into
> account indirect membership, which I assume applies,
> is exactly why pg_has_role() exists, no?

That would be a useful addition, yes.

Yours,
Laurenz Albe