public inbox for [email protected]
help / color / mirror / Atom feedFrom: David G. Johnston <[email protected]>
To: Christophe Pettus <[email protected]>
Cc: Laurenz Albe <[email protected]>
Cc: pgsql-general <[email protected]>
Subject: Re: v16 roles, SET FALSE, INHERIT FALSE, ADMIN FALSE
Date: Mon, 8 Jul 2024 13:42:38 -0700
Message-ID: <CAKFQuwaRd4naNA8Ep2xGrQWp_yGd++xZe9H32PV3G-8o=Dg3nQ@mail.gmail.com> (raw)
In-Reply-To: <[email protected]>
References: <[email protected]>
<[email protected]>
<[email protected]>
<[email protected]>
On Monday, July 8, 2024, Christophe Pettus <[email protected]> wrote:
>
>
> > On Jul 8, 2024, at 13:29, Christophe Pettus <[email protected]> wrote:
> >
> >
> >
> >> On Jul 8, 2024, at 13:25, Laurenz Albe <[email protected]>
> wrote:
> >> I didn't test it, but doesn't that allow the member rule to drop
> objects owned
> >> be the role it is a member of?
> >
> > No, apparently not.
>
> Just from a quick check, it looks like you need INHERIT to inherit the
> ability to drop objects. The documentation strongly implies this, although
> it doesn't quite come out and say it.
>
>
Are you referring to this:
The right to modify or destroy an object is inherent in being the object's
owner, and cannot be granted or revoked in itself. (However, like all
privileges, that right can be inherited by members of the owning role; see
Section 22.3 <https://www.postgresql.org/docs/current/role-membership.html;
.)
https://www.postgresql.org/docs/current/ddl-priv.html
It can be argued that is more than strong implication though a different
more obvious (technical) wording could be in order.
David J.
reply
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Reply to all the recipients using the --to and --cc options:
reply via email
To: [email protected]
Cc: [email protected], [email protected], [email protected]
Subject: Re: v16 roles, SET FALSE, INHERIT FALSE, ADMIN FALSE
In-Reply-To: <CAKFQuwaRd4naNA8Ep2xGrQWp_yGd++xZe9H32PV3G-8o=Dg3nQ@mail.gmail.com>
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox