Received: from malur.postgresql.org ([217.196.149.56])
	by arkaria.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.94.2)
	(envelope-from <pgsql-general-owner+archive@lists.postgresql.org>)
	id 1v4IK0-00CPKF-1G
	for pgsql-general@arkaria.postgresql.org; Thu, 02 Oct 2025 12:22:08 +0000
Received: from localhost ([127.0.0.1] helo=malur.postgresql.org)
	by malur.postgresql.org with esmtp (Exim 4.94.2)
	(envelope-from <pgsql-general-owner+archive@lists.postgresql.org>)
	id 1v4IJy-007b1L-5F
	for pgsql-general@arkaria.postgresql.org; Thu, 02 Oct 2025 12:22:06 +0000
Received: from makus.postgresql.org ([2001:4800:3e1:1::229])
	by malur.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.94.2)
	(envelope-from <ddevienne@gmail.com>)
	id 1v4IJx-007b1C-RG
	for pgsql-general@lists.postgresql.org; Thu, 02 Oct 2025 12:22:06 +0000
Received: from mail-ot1-x32b.google.com ([2607:f8b0:4864:20::32b])
	by makus.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
	(Exim 4.96)
	(envelope-from <ddevienne@gmail.com>)
	id 1v4IJv-0012Tt-2u
	for pgsql-general@postgresql.org;
	Thu, 02 Oct 2025 12:22:05 +0000
Received: by mail-ot1-x32b.google.com with SMTP id 46e09a7af769-7b7325d8fb5so614198a34.1
        for <pgsql-general@postgresql.org>; Thu, 02 Oct 2025 05:22:04 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20230601; t=1759407723; x=1760012523; darn=postgresql.org;
        h=to:subject:message-id:date:from:mime-version:from:to:cc:subject
         :date:message-id:reply-to;
        bh=Ew27rfPg+/dFminDaVSUpTj67jUaB3yaLtuN5UPR6Bo=;
        b=YSqZ6NU671ipwxjurFfm4m5NoATRCfEui9HbN4K1IhrXHpNCYNDgmz6w3e2iK9TWH4
         GDQ93bwCfM10hSSE4jfjl4p+mHDUxostOYUuMEaf2AJV833gA5qhe3qkvpfIBpwvRw73
         qmfs7srfQZ5AjcrAEyEooI8NFRhfx8mE/igo6EbSXWSerlT11FPMRrGky/efogHRQAWL
         dN6ciE/ZRguzx8zw8pkn8vQp9+CF8wViR1ic0BsYKDAf2WmoZ8nNoZFurjlIP3MSG1SY
         cJZRcSBo+u+Vs4sdvhx9CDqV8nV7oazeUnuF0MusMif/gy5Ee0vBUZaB4VhFF244R85m
         EMWA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1759407723; x=1760012523;
        h=to:subject:message-id:date:from:mime-version:x-gm-message-state
         :from:to:cc:subject:date:message-id:reply-to;
        bh=Ew27rfPg+/dFminDaVSUpTj67jUaB3yaLtuN5UPR6Bo=;
        b=LRh6HCQAXVVXuHaiURIr9QtA1XHdasjTN3g2d8dWj67bTgD3uSh1MmcVhZSJhSM0yf
         sSOoVPsa0FBNkTI7hwfkOKNOSOBZu2IKeuegDB1Nr6s/+IfDg2fG9G39PQCWHWDnywCs
         aJS+EuIB2rmCOTFXzpPjTGBzrvOeMq36pgKC227AYpRbvwScxNHPfIvNCiHD0zAvMcJw
         dF9D2e9xpH5g3ZJ2M95OvexFQqHCBFU0LMnBh0BiYCA2vJeSXX9xkp+ZEzBvff49qM3z
         ttfu4m7+cSUnf8Hzl9kcF4uKXrnlIftQi4eyqcq8WcdH9FVROnjJ7P99vtf1aDaIXtt9
         MbpQ==
X-Gm-Message-State: AOJu0YzNFAWXQ6aJwHuXkW2rCW0sMkY/Cj7kUVyfKQrUiYUb5WzfdbMl
	rJE4yqQ6AHssNeJ7fPJc08jHqsoNMCIV+Bm46PPORKRlH8tApwJOoygT4cVxNbACMOriNTg4GRK
	bhhbGlQhdqew91lNvmwRHa7Oio6mFNqSeLvxG
X-Gm-Gg: ASbGncto/y5sClfQCDorkU8jxxlE20qj1Ka0kLh8kaRFQMksu+lSwRzV1OzupPXwGgU
	5TEH10orw6F49RE9Qwj0WBOCa4TmwAoMrQs5/J0v0Khblj7dnqEqr9+MNROl+U75D7oLeDJAtgn
	ZUtUPs1FAWa+pfOMUD4bhU4gEb52yRGc04pbto1uj5fcyeofO5ZpJnLor9Qnv/jFAAm56BdiMpJ
	WZNFwPa91R6OWRTc9hAclCHk5iKVqabIw==
X-Google-Smtp-Source: AGHT+IExnpISV6+RDNQlRq/8014RQq3JfABs31mho/7SKwhkfr2slAI2QQ3cr32pGASSF5i398mABJqdzkBs/+EKrmk=
X-Received: by 2002:a05:6808:ec4:b0:43d:1faa:5849 with SMTP id
 5614622812f47-43fa3ed17e8mr3260643b6e.0.1759407722913; Thu, 02 Oct 2025
 05:22:02 -0700 (PDT)
MIME-Version: 1.0
From: Dominique Devienne <ddevienne@gmail.com>
Date: Thu, 2 Oct 2025 14:21:51 +0200
X-Gm-Features: AS18NWAHnIcTMHyZ_CrSx8-99CkDAgFZMIR7sH6vnf4I8A_mtXQnqOphMqzcJnY
Message-ID: <CAFCRh--8r8ivUBZttLW3jKtsu++nJd3-mE37AJR5eY9gQfoVzg@mail.gmail.com>
Subject: has_schema_privilege(), but taking inheritance into account
To: pgsql-general@postgresql.org
Content-Type: text/plain; charset="UTF-8"
List-Id: <pgsql-general.lists.postgresql.org>
List-Help: <https://lists.postgresql.org/manage/>
List-Subscribe: <https://lists.postgresql.org/manage/>
List-Post: <mailto:pgsql-general@lists.postgresql.org>
List-Owner: <mailto:pgsql-general-owner@lists.postgresql.org>
List-Archive: <https://www.postgresql.org/list/pgsql-general>
Archived-At: <https://www.postgresql.org/message-id/CAFCRh--8r8ivUBZttLW3jKtsu%2B%2BnJd3-mE37AJR5eY9gQfoVzg%40mail.gmail.com>
Precedence: bulk

Hi.

With pg_has_role(), I can use USAGE for access right now, or MEMBER
for "possible" access after a SET ROLE. I.e. I can see GRANT
INHERIT'ance in action.

But with has_schema_privilege(..., 'USAGE'), I can only check the
"right now" case. But I'd like to be able to take "indirect USAGE"
into account, via non-INHERIT'ed ROLE membership. To mirror what
pg_has_role() provides.

Could there be an extra argument to check for INHERIT and GRANTABLE?
Or variation in the string it accept to allow checking for those?

E.g. you can check for ADMIN OPTION (i.e. regrantable) with
pg_has_role(). But you can't with has_schema_privilege() (or other
ACL-based object classes).

Basically I'd wish for inheritance and grantable aware
has_xyz_privilege(), similar to pg_has_role().

Any chance this might land eventually?
Am I the only one who uses ROLEs that extensively and thus feels that need?

Baring the above, any way to similute it in SQL? --DD