Received: from malur.postgresql.org ([217.196.149.56])
	by arkaria.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.94.2)
	(envelope-from <pgsql-general-owner+archive@lists.postgresql.org>)
	id 1soPGX-00B1su-UP
	for pgsql-general@arkaria.postgresql.org; Wed, 11 Sep 2024 15:28:22 +0000
Received: from localhost ([127.0.0.1] helo=malur.postgresql.org)
	by malur.postgresql.org with esmtp (Exim 4.94.2)
	(envelope-from <pgsql-general-owner+archive@lists.postgresql.org>)
	id 1soPGX-002ew4-9m
	for pgsql-general@arkaria.postgresql.org; Wed, 11 Sep 2024 15:28:21 +0000
Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29])
	by malur.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.94.2)
	(envelope-from <ddevienne@gmail.com>)
	id 1soPGW-002evv-Uq
	for pgsql-general@lists.postgresql.org; Wed, 11 Sep 2024 15:28:20 +0000
Received: from mail-oi1-x22b.google.com ([2607:f8b0:4864:20::22b])
	by magus.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
	(Exim 4.94.2)
	(envelope-from <ddevienne@gmail.com>)
	id 1soPGT-000fKs-ED
	for pgsql-general@lists.postgresql.org; Wed, 11 Sep 2024 15:28:20 +0000
Received: by mail-oi1-x22b.google.com with SMTP id 5614622812f47-3e0465e6bd5so1636259b6e.2
        for <pgsql-general@lists.postgresql.org>; Wed, 11 Sep 2024 08:28:18 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20230601; t=1726068497; x=1726673297; darn=lists.postgresql.org;
        h=content-transfer-encoding:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:from:to:cc:subject:date
         :message-id:reply-to;
        bh=IRUIrCoUGarpAbZEwqYDke1VEBAuvszcBx+zMI1mrHo=;
        b=HojLf/I0ho0lr0jrs7Dy6OW+hmZCtwc+HgyIrZlKfjmyvou2Fz0AOYw8U1YkVdX33g
         1NJgg/2HiyJeUW6zi/5PUrkeXUWs9eE9ffMVN4Wi0RM+jyvsd3tIwa+Y2qgxZVXljQ9O
         8e7TtXwApbWA1+KCDt9WB9LjXbGGYUI9Fe2RZRvFRW2lRah2qNXqUcG29PmPA8kuMnla
         hdEEIuninbrnuADBHNPguC5D/H9r3qL99u/eLgNsy23G6RikJLb3Ruyd8Gc4ki9pFtSp
         gw+waoNDzY3Si11fIgpJcilRS0iyL96PD+7ImZ0YNf4vUNSzGmrIDtriiev6eGEZ1YIT
         uIlA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1726068497; x=1726673297;
        h=content-transfer-encoding:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=IRUIrCoUGarpAbZEwqYDke1VEBAuvszcBx+zMI1mrHo=;
        b=KkdCEg4MJE0jJBwFEJmo26w/K3BaOOwvVKUbULZviD0ZzYCdTM09wmjh4xy8F2l3s/
         cuPg3YSRruO2N0L4yWPDfqw4bFPbvqWBrgTJuL5LuUkyyxHGxG32ZxbUTU0Zry89tSvL
         EKPuK79vFZttvG3laizm8DYZA3ZTjV/lMFENWRy6Puy9SUe7p1zZNa/W7qy7ROp4PgQw
         nrYXVcWm+Oq+MjoW8fnwtSZKhr/NJ5ZPJOKG/T4qqzhIuYZUvzArt7eDnzfFodZ5P4FD
         Pe7I5++OXG74XeiM3DmntCrUNziRtn8hiHz7MW9RAmD6M/D3dLfoaxeQDp4TcxOfb4UU
         h9HQ==
X-Gm-Message-State: AOJu0YxNR8Mt6mEhmTJUQIsNKoSOpad5EFtUtr/wNc1QpnGSGtIUQHJR
	ivL1tqNQTw5SNVqCDLjZdnWSkLtlSOsuewL1CDABiANL+VbDv1H7ZizbndYNYpN9DFsz5sVPQ4H
	G3KqH3Y1Gp9tYWsBhLf9zAyQt9bifOQ==
X-Google-Smtp-Source: AGHT+IHhOj/t7/NY/abyIX3hYbt+e+3ET7oIp1zb0LFUJHSoKdwxDQFooEnDar6ju/MWsmp3rBb83V1bgN8ngYIkcPY=
X-Received: by 2002:a05:6808:1a29:b0:3e0:47eb:baa with SMTP id
 5614622812f47-3e047eb0d37mr7688346b6e.14.1726068496528; Wed, 11 Sep 2024
 08:28:16 -0700 (PDT)
MIME-Version: 1.0
References: <CAFCRh-8+PGGTuqg=rSKA533D0dqYAgq69UzSqMm67VEW02nZyQ@mail.gmail.com>
 <076fe1a7-b72c-4ba1-8589-cd7ece3fd982@aklaver.com>
In-Reply-To: <076fe1a7-b72c-4ba1-8589-cd7ece3fd982@aklaver.com>
From: Dominique Devienne <ddevienne@gmail.com>
Date: Wed, 11 Sep 2024 17:28:04 +0200
Message-ID: <CAFCRh-_-fuE8vSvP1vyqKXFGihfj9RmUB9z1wmEFtbkYTXNHTQ@mail.gmail.com>
Subject: Re: Backward compat issue with v16 around ROLEs
To: Adrian Klaver <adrian.klaver@aklaver.com>
Cc: pgsql-general@lists.postgresql.org
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
List-Id: <pgsql-general.lists.postgresql.org>
List-Help: <https://lists.postgresql.org/manage/>
List-Subscribe: <https://lists.postgresql.org/manage/>
List-Post: <mailto:pgsql-general@lists.postgresql.org>
List-Owner: <mailto:pgsql-general-owner@lists.postgresql.org>
List-Archive: <https://www.postgresql.org/list/pgsql-general>
Archived-At: <https://www.postgresql.org/message-id/CAFCRh-_-fuE8vSvP1vyqKXFGihfj9RmUB9z1wmEFtbkYTXNHTQ%40mail.gmail.com>
Precedence: bulk

On Wed, Sep 11, 2024 at 5:09=E2=80=AFPM Adrian Klaver <adrian.klaver@aklave=
r.com> wrote:
> What user did you do the above as?

My own user, which lacks SUPERUSER (I have CREATEROLE and CREATEDB
only, and LOGIN of course).

> On my Postgres 16.4 instance logged in as postgres:

> test=3D# create role dd_owner createrole;
> CREATE ROLE
> test=3D# create role dd_admin noinherit;
> CREATE ROLE
> test=3D# grant dd_owner to dd_admin;
> GRANT ROLE
> test=3D# set role dd_owner;
> SET

This failed for me, but works for you, probably because you are SUPERUSER.

> test=3D> grant dd_owner to current_user;
> ERROR:  permission denied to grant role "dd_owner"
> DETAIL:  Only roles with the ADMIN option on role "dd_owner" may grant
> this role.

A role can't grant itself to someone? Hmmm...

> test=3D> create role dd_user;
> CREATE ROLE
> test=3D> grant dd_admin to dd_user;
> ERROR:  permission denied to grant role "dd_admin"
> DETAIL:  Only roles with the ADMIN option on role "dd_admin" may grant
> this role.

This is the error I'm trying to fix on v16, and was OK on v14.
So your v16.4 behaves the same as my v16.1 it seems. --DD