Received: from malur.postgresql.org ([217.196.149.56])
	by arkaria.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.94.2)
	(envelope-from <pgsql-general-owner+archive@lists.postgresql.org>)
	id 1sQuVc-00CI88-Gy
	for pgsql-general@arkaria.postgresql.org; Mon, 08 Jul 2024 19:58:48 +0000
Received: from localhost ([127.0.0.1] helo=malur.postgresql.org)
	by malur.postgresql.org with esmtp (Exim 4.94.2)
	(envelope-from <pgsql-general-owner+archive@lists.postgresql.org>)
	id 1sQuVb-008YhX-6S
	for pgsql-general@arkaria.postgresql.org; Mon, 08 Jul 2024 19:58:47 +0000
Received: from makus.postgresql.org ([2001:4800:3e1:1::229])
	by malur.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.94.2)
	(envelope-from <david.g.johnston@gmail.com>)
	id 1sQuVa-008YhP-Rj
	for pgsql-general@lists.postgresql.org; Mon, 08 Jul 2024 19:58:46 +0000
Received: from mail-oa1-x30.google.com ([2001:4860:4864:20::30])
	by makus.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
	(Exim 4.94.2)
	(envelope-from <david.g.johnston@gmail.com>)
	id 1sQuVY-0015ED-AE
	for pgsql-general@postgresql.org; Mon, 08 Jul 2024 19:58:45 +0000
Received: by mail-oa1-x30.google.com with SMTP id 586e51a60fabf-25cba5eea69so2152368fac.2
        for <pgsql-general@postgresql.org>; Mon, 08 Jul 2024 12:58:44 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20230601; t=1720468723; x=1721073523; darn=postgresql.org;
        h=cc:to:subject:message-id:date:from:in-reply-to:references
         :mime-version:from:to:cc:subject:date:message-id:reply-to;
        bh=YpedAcvqAtcpKBKOnuo7440f+Qn8XQDPQPRA92spS9Q=;
        b=HIdvgCO4hiAPu49uoCnv9PD4tcgKavQL+RH5LDvH9Gr+xMYkLBFkQKqQTM9mBE0vup
         D/V5IhWSpGlNcY/M4l/zz148L4ookCAB22XXNYBtWFYXcAp5bS9EiGaza1ehV92tfNwr
         EYBTBD6C2m8u+6GI2HmJkfpjXkIRKYFtxPWb/4faKOGn6xoDJXxsn2tab52PK6uyzzTt
         pFK1nv3mWLvCkAfTPvk+digIS5saqo6w6sxNnW0Dl/a60aJy75FgZwxlwRuHG3qKWvd9
         99JeZ38YExXYMpE4i1TooLXu+IobcscWE7zTceaFDecPISYmmQw9qEseM62F7RAx5bX+
         INxg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1720468723; x=1721073523;
        h=cc:to:subject:message-id:date:from:in-reply-to:references
         :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id
         :reply-to;
        bh=YpedAcvqAtcpKBKOnuo7440f+Qn8XQDPQPRA92spS9Q=;
        b=GzHvHxD6rdA0AA2PFAAQiUv8MrvRrCoxzLRZc9rMeXiHPRf8nwpStf9JIEUsTsJQ9e
         caEwo0n0Ue7NOdq5aUsV9dQPrjyGR45ub4necsz/blO+CWFS8LI5WIMU/xqNRjCo5Wxr
         vTkj4/GDv7B0fI58YMSFdf7SSyr31SkxxXXUA0URXTfwpvJkZfmHYHP31GZf0uwR+K2M
         /85dBAuRVd5PdgqtcxqOwgpJj6m5uveQwqN3jl16OJwcZ7wKgjMSOkhAjU7xtCqBtZrk
         8dcGWzB1UGGEbSWEfy7Pi9ei5rEdAw/UvBgSfg/vLpzBwKC2n/DXGgCq5mE6tfAMLuST
         T8kg==
X-Gm-Message-State: AOJu0YzXRbN6s1jAxKT/yUJ2v+Bv5w/hQujn4hPF8ytWJDG6wqWI/6XM
	c0pWyIoJ7ZuWNJv3xJhw9U7wlhUT8jnEQ6J7ji7qWoVr0JizMYmx9jT441ZgasD79XAyof+mFMA
	/sl7/QYFvvCseXO8VoXrdxGmg5vJLMQ==
X-Google-Smtp-Source: AGHT+IGOk4euyHPiIcU+UUqGww0o32ZIe8Zc1UE93TXvfin3f3qe27upk2GEGA7TnhIN6PSoCR88/RXDLMB8/9FPyxI=
X-Received: by 2002:a05:6871:24dd:b0:25e:2871:5d55 with SMTP id
 586e51a60fabf-25eae756551mr321555fac.5.1720468723534; Mon, 08 Jul 2024
 12:58:43 -0700 (PDT)
MIME-Version: 1.0
References: <69A2A7BD-F8CA-4067-B229-B5F9FC6A884F@thebuild.com>
In-Reply-To: <69A2A7BD-F8CA-4067-B229-B5F9FC6A884F@thebuild.com>
From: "David G. Johnston" <david.g.johnston@gmail.com>
Date: Mon, 8 Jul 2024 12:58:06 -0700
Message-ID: <CAKFQuwaSk4Ftn52X3aup9upDkurAunTHLB1XtZb0Pkzs7TTYUA@mail.gmail.com>
Subject: Re: v16 roles, SET FALSE, INHERIT FALSE, ADMIN FALSE
To: Christophe Pettus <xof@thebuild.com>
Cc: pgsql-general <pgsql-general@postgresql.org>
Content-Type: multipart/alternative; boundary="0000000000001d1662061cc1d77f"
List-Id: <pgsql-general.lists.postgresql.org>
List-Help: <https://lists.postgresql.org/manage/>
List-Subscribe: <https://lists.postgresql.org/manage/>
List-Post: <mailto:pgsql-general@lists.postgresql.org>
List-Owner: <mailto:pgsql-general-owner@lists.postgresql.org>
List-Archive: <https://www.postgresql.org/list/pgsql-general>
Archived-At: <https://www.postgresql.org/message-id/CAKFQuwaSk4Ftn52X3aup9upDkurAunTHLB1XtZb0Pkzs7TTYUA%40mail.gmail.com>
Precedence: bulk

--0000000000001d1662061cc1d77f
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

On Mon, Jul 8, 2024 at 12:23=E2=80=AFPM Christophe Pettus <xof@thebuild.com=
> wrote:

>
> This is more curiosity than anything else.  In the v16 role system, is
> there actually any reason to grant membership in a role to a different
> role, but with SET FALSE, INHERIT FALSE, and ADMIN FALSE?  Does the role
> granted membership gain any ability it didn't have before in that case?
>
>
That scenario is allowed but provides no useful in-server behavior.  I
suppose the membership presence/absence could be given external meaning by
a DBA.  Personally, I'd just add a metric on the server counting these and
alert if it is ever non-zero.

David J.

--0000000000001d1662061cc1d77f
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><div dir=3D"ltr"><div class=3D"gmail_default" style=3D"fon=
t-family:arial,helvetica,sans-serif"><span style=3D"font-family:Arial,Helve=
tica,sans-serif">On Mon, Jul 8, 2024 at 12:23=E2=80=AFPM Christophe Pettus =
&lt;<a href=3D"mailto:xof@thebuild.com" target=3D"_blank">xof@thebuild.com<=
/a>&gt; wrote:</span><br></div></div><div class=3D"gmail_quote"><blockquote=
 class=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex;border-left:1px so=
lid rgb(204,204,204);padding-left:1ex"><br>
This is more curiosity than anything else.=C2=A0 In the v16 role system, is=
 there actually any reason to grant membership in a role to a different rol=
e, but with SET FALSE, INHERIT FALSE, and ADMIN FALSE?=C2=A0 Does the role =
granted membership gain any ability it didn&#39;t have before in that case?=
<br>
<br></blockquote><div><br></div><div class=3D"gmail_default" style=3D"font-=
family:arial,helvetica,sans-serif">That scenario is allowed but provides no=
 useful in-server behavior.=C2=A0 I suppose the membership presence/absence=
 could be given external meaning by a DBA.=C2=A0 Personally, I&#39;d just a=
dd a metric on the server counting these and alert if it is ever non-zero.<=
/div><div class=3D"gmail_default" style=3D"font-family:arial,helvetica,sans=
-serif"><br></div><div class=3D"gmail_default" style=3D"font-family:arial,h=
elvetica,sans-serif">David J.</div><div class=3D"gmail_default" style=3D"fo=
nt-family:arial,helvetica,sans-serif"><br></div></div></div>

--0000000000001d1662061cc1d77f--