Re: Backward compat issue with v16 around ROLEs

public inbox for [email protected]  
help / color / mirror / Atom feed

From: David G. Johnston <[email protected]>
To: Dominique Devienne <[email protected]>
Cc: [email protected] <[email protected]>
Subject: Re: Backward compat issue with v16 around ROLEs
Date: Wed, 11 Sep 2024 08:06:34 -0700
Message-ID: <CAKFQuwYK2Vdnbdaxh9QF_0PYpztg51nc-iqYeiKDfpzek7hTdQ@mail.gmail.com> (raw)
In-Reply-To: <CAFCRh-8+PGGTuqg=rSKA533D0dqYAgq69UzSqMm67VEW02nZyQ@mail.gmail.com>
References: <CAFCRh-8+PGGTuqg=rSKA533D0dqYAgq69UzSqMm67VEW02nZyQ@mail.gmail.com>

On Wednesday, September 11, 2024, Dominique Devienne <[email protected]>
wrote:

>
> on v16:
>
> D:\pdgm\trunk\psc2>psql service=pau16
> psql (17beta3, server 16.1)
> Type "help" for help.
>
> ddevienne=> create role dd_owner createrole;
> CREATE ROLE
> ddevienne=> create role dd_admin noinherit;
> CREATE ROLE
> ddevienne=> grant dd_owner to dd_admin;

As the error indicates, this grant needs to be done with admin option.

Since the with admin option exists in versions prior to v16 this change
should work in all of your deployments.

> GRANT ROLE
> ddevienne=> set role dd_owner;
> ERROR:  permission denied to set role "dd_owner"
> ddevienne=> grant dd_owner to current_user;
> GRANT ROLE
> ddevienne=> set role dd_owner;
> SET
> ddevienne=> create role dd_user;
> CREATE ROLE
> ddevienne=> grant dd_admin to dd_user;
> ERROR:  permission denied to grant role "dd_admin"
> DETAIL:  Only roles with the ADMIN option on role "dd_admin" may grant

See comment above.

> this role.
> ddevienne=>
>
>
David J.

view thread (15+ messages)  latest in thread

reply

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Reply to all the recipients using the --to and --cc options:
  reply via email

  To: [email protected]
  Cc: [email protected], [email protected], [email protected]
  Subject: Re: Backward compat issue with v16 around ROLEs
  In-Reply-To: <CAKFQuwYK2Vdnbdaxh9QF_0PYpztg51nc-iqYeiKDfpzek7hTdQ@mail.gmail.com>

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox