public inbox for [email protected]  
From: Dominique Devienne <[email protected]>
To: [email protected]
Subject: has_schema_privilege(), but taking inheritance into account
Date: Thu, 2 Oct 2025 14:21:51 +0200
Message-ID: <CAFCRh--8r8ivUBZttLW3jKtsu++nJd3-mE37AJR5eY9gQfoVzg@mail.gmail.com> (raw)

Hi.

With pg_has_role(), I can use USAGE for access right now, or MEMBER
for "possible" access after a SET ROLE. I.e. I can see GRANT
INHERIT'ance in action.

But with has_schema_privilege(..., 'USAGE'), I can only check the
"right now" case. But I'd like to be able to take "indirect USAGE"
into account, via non-INHERIT'ed ROLE membership. To mirror what
pg_has_role() provides.

Could there be an extra argument to check for INHERIT and GRANTABLE?
Or variation in the string it accepts to allow checking for those?

E.g. you can check for ADMIN OPTION (i.e. regrantable) with
pg_has_role(). But you can't with has_schema_privilege() (or other
ACL-based object classes).

Basically I'd wish for inheritance and grantable aware
has_xyz_privilege(), similar to pg_has_role().

Any chance this might land eventually?
Am I the only one who uses ROLEs that extensively and thus feels that need?

Barring the above, any way to simulate it in SQL? --DD
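
One way to approximate the check asked about in the message above, as an added example that is not part of the original post and not a PostgreSQL built-in: it expands the schema ACL with aclexplode() and tests each grantee with pg_has_role(..., 'MEMBER'), so privileges reachable only through non-inherited membership are counted. The function name has_schema_privilege_via_membership and the dd_* roles and schema are hypothetical names constructed for the demonstration.

```sql
-- Hypothetical helper (added example, not a built-in function).
-- True if p_role, or any role it is a direct or indirect member of,
-- holds p_priv on p_schema, regardless of the INHERIT setting.
CREATE OR REPLACE FUNCTION has_schema_privilege_via_membership(
    p_role      name,
    p_schema    name,
    p_priv      text,                  -- 'USAGE' or 'CREATE'
    p_grantable boolean DEFAULT false  -- true: require WITH GRANT OPTION
) RETURNS boolean
LANGUAGE sql STABLE
AS $$
    SELECT EXISTS (
        SELECT 1
        FROM pg_namespace AS n
        -- A NULL nspacl means "built-in defaults": substitute them explicitly.
        CROSS JOIN LATERAL
            aclexplode(coalesce(n.nspacl, acldefault('n', n.nspowner))) AS a
        WHERE n.nspname = p_schema
          AND a.privilege_type = upper(p_priv)
          AND (a.is_grantable OR NOT p_grantable)
          -- grantee 0 is PUBLIC. 'MEMBER' ignores INHERIT; on PostgreSQL 16+
          -- 'SET' is the stricter test for "SET ROLE is actually allowed".
          AND (a.grantee = 0 OR pg_has_role(p_role, a.grantee, 'MEMBER'))
    );
$$;

-- Constructed demo objects (requires CREATEROLE and CREATE on the database).
CREATE ROLE dd_owner  NOLOGIN;
CREATE ROLE dd_member NOLOGIN NOINHERIT;  -- membership without inheritance
GRANT dd_owner TO dd_member;
CREATE SCHEMA dd_demo;
GRANT USAGE ON SCHEMA dd_demo TO dd_owner WITH GRANT OPTION;

-- Compare the built-in "right now" answer with the membership-aware one,
-- and with the grant-option variant.
SELECT has_schema_privilege('dd_member', 'dd_demo', 'USAGE')
           AS usage_right_now,
       has_schema_privilege_via_membership('dd_member', 'dd_demo', 'USAGE')
           AS usage_via_membership,
       has_schema_privilege_via_membership('dd_member', 'dd_demo', 'USAGE', true)
           AS usage_grantable_via_membership;
```

The same join works for other ACL-based object classes by swapping the catalog, the ACL column and the acldefault() type code.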





