Received: from malur.postgresql.org ([217.196.149.56])
	by arkaria.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.94.2)
	(envelope-from <pgsql-general-owner+archive@lists.postgresql.org>)
	id 1sQv6M-00CL3p-VA
	for pgsql-general@arkaria.postgresql.org; Mon, 08 Jul 2024 20:36:46 +0000
Received: from localhost ([127.0.0.1] helo=malur.postgresql.org)
	by malur.postgresql.org with esmtp (Exim 4.94.2)
	(envelope-from <pgsql-general-owner+archive@lists.postgresql.org>)
	id 1sQv6L-0096n4-MP
	for pgsql-general@arkaria.postgresql.org; Mon, 08 Jul 2024 20:36:45 +0000
Received: from makus.postgresql.org ([2001:4800:3e1:1::229])
	by malur.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.94.2)
	(envelope-from <xof@thebuild.com>)
	id 1sQv6L-0096mw-B6
	for pgsql-general@lists.postgresql.org; Mon, 08 Jul 2024 20:36:45 +0000
Received: from smtp64.ord1d.emailsrvr.com ([184.106.54.64])
	by makus.postgresql.org with esmtps  (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.94.2)
	(envelope-from <xof@thebuild.com>)
	id 1sQv6I-0015hX-Tr
	for pgsql-general@postgresql.org; Mon, 08 Jul 2024 20:36:44 +0000
X-Auth-ID: xof@thebuild.com
Received: by smtp1.relay.ord1d.emailsrvr.com (Authenticated sender: xof-AT-thebuild.com) with ESMTPSA id 07DE540265;
	Mon,  8 Jul 2024 16:36:41 -0400 (EDT)
Content-Type: text/plain;
	charset=us-ascii
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3774.600.62\))
Subject: Re: v16 roles, SET FALSE, INHERIT FALSE, ADMIN FALSE
From: Christophe Pettus <xof@thebuild.com>
In-Reply-To: <AAE6E234-1D5B-4FFA-85F6-473F9ED48A22@thebuild.com>
Date: Mon, 8 Jul 2024 13:36:11 -0700
Cc: pgsql-general <pgsql-general@postgresql.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <6A063ECC-E0FD-4CAF-A057-96BA55832889@thebuild.com>
References: <69A2A7BD-F8CA-4067-B229-B5F9FC6A884F@thebuild.com>
 <78790ab5cdece730a2029310184f9bb9cfcc0fa6.camel@cybertec.at>
 <AAE6E234-1D5B-4FFA-85F6-473F9ED48A22@thebuild.com>
To: Laurenz Albe <laurenz.albe@cybertec.at>
X-Mailer: Apple Mail (2.3774.600.62)
X-Classification-ID: 52742c82-1fb6-493f-b1dc-08f340c54ca1-1-1
List-Id: <pgsql-general.lists.postgresql.org>
List-Help: <https://lists.postgresql.org/manage/>
List-Subscribe: <https://lists.postgresql.org/manage/>
List-Post: <mailto:pgsql-general@lists.postgresql.org>
List-Owner: <mailto:pgsql-general-owner@lists.postgresql.org>
List-Archive: <https://www.postgresql.org/list/pgsql-general>
Archived-At: <https://www.postgresql.org/message-id/6A063ECC-E0FD-4CAF-A057-96BA55832889%40thebuild.com>
Precedence: bulk



> On Jul 8, 2024, at 13:29, Christophe Pettus <xof@thebuild.com> wrote:
>=20
>=20
>=20
>> On Jul 8, 2024, at 13:25, Laurenz Albe <laurenz.albe@cybertec.at> =
wrote:
>> I didn't test it, but doesn't that allow the member rule to drop =
objects owned
>> be the role it is a member of?
>=20
> No, apparently not.

Just from a quick check, it looks like you need INHERIT to inherit the =
ability to drop objects.  The documentation strongly implies this, =
although it doesn't quite come out and say it.=