Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1up7tS-00H6ko-Oi for pgsql-general@arkaria.postgresql.org; Thu, 21 Aug 2025 16:12:04 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.94.2) (envelope-from ) id 1up7tR-00HNaP-5u for pgsql-general@arkaria.postgresql.org; Thu, 21 Aug 2025 16:12:01 +0000 Received: from makus.postgresql.org ([2001:4800:3e1:1::229]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1up7tQ-00HNaG-Rp for pgsql-general@lists.postgresql.org; Thu, 21 Aug 2025 16:12:01 +0000 Received: from mail-oa1-x33.google.com ([2001:4860:4864:20::33]) by makus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.96) (envelope-from ) id 1up7tP-0012nj-05 for pgsql-general@lists.postgresql.org; Thu, 21 Aug 2025 16:12:00 +0000 Received: by mail-oa1-x33.google.com with SMTP id 586e51a60fabf-30cce892b7dso408032fac.1 for ; Thu, 21 Aug 2025 09:11:59 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1755792719; x=1756397519; darn=lists.postgresql.org; h=cc:to:subject:message-id:date:from:references:in-reply-to :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=E/fn4KX3P7iLesU08z2UN/LoijKdBBHnAvFoI2dVjow=; b=RYT+zklrGrd1F2mavaa54ECDJcVPnispiOJOJJXMvFVXvwDiHIWXfkil0IV3T5FGH8 mpetHNP8PJgEA+UFZZgzDIURh5T6Oyc54Q6nMqDZ5liO+9sWb1ZX65Ali7oR+M/42KAP CDsSO93vdbWgzbx8WfA3qb8xtIrMUyBjOztkjYTGwDhSWSR4s0t6dKO1f6AjadBPB253 L+N5eaeCMfUNO+MfSECF0woCaxKTYmelAjYzkwWiGDJa7XgPmCedA3Sy8ycG62K/2YXU 9+Mn1HQGTSFDb8clzeYjlJrlAsKdEJ4CxiBm6TGIQKGbdAzio1S4g6nJNaU1SeQdkKdI DYlQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1755792719; x=1756397519; h=cc:to:subject:message-id:date:from:references:in-reply-to :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=E/fn4KX3P7iLesU08z2UN/LoijKdBBHnAvFoI2dVjow=; b=K5ZfF+BUWIhCgZ7SW9U+nYpEfz7ufhLDblGO6M1qb+hqybtsxKClyLxWqEsmYbsld7 rtmBWrAA4As9f95lGN6B++P34KvlRZlaV8fbYAslwc7zUA8o4kFoSg4rAXfcOplRUMuJ HZpmpTnLIOCTE/oc+RC0oJi14Bpncxr0XH3/GaR92JZWjcayHkAvHyZvgV9WrpHyqsaJ Ix6jERmSr+jS7jQI8TAKwzFKpH0hwW4+jHqIaMbM0s0uHq5VKyBRvZwSI9zcqwiPYAQ3 33aq+U38H14D97jfOO720x/0KtP4N/NVzSDz0TxoTlndvNImPsBrWfkf4MJUkUVHngJO YdPQ== X-Forwarded-Encrypted: i=1; AJvYcCUhFH8DYwnwZHDBN8w2AbUZO5YxRPu1YiUNy4aYK6/q0TY/L0iYCaZY/XRmw5EOfCjqRaYuqkszObzzGp/B@lists.postgresql.org X-Gm-Message-State: AOJu0Yw+iWJ7FQkwWYw/rjYuhf3YcCOz0jOb1EULrsHek6MJin2oG7iN 6WhEQ3nPgMEMAuYMMfQJqvkPgbdJr4/Za0OR4Sqr8+pYT2LUETEVt8lX7TYVbNTexe3op+Y5u0X 6NyMo+6MAE7mbgEKEmUBQbP5AC7Zk99w= X-Gm-Gg: ASbGnculEPKNwj/nB+nLX71dnnsO3k7qhqEL0qfIUjA21KPQoEobVufUT2q0/++279C nq/0PFoi+D0nCnbNk46Zr2PEzSv2Bt4hrhW7V00SLuvlUnSoLM8E3VuLwX9tyZi8G/zmrtrFYTp +K3cppjnJtWpzQ4l15kyfmm7YXYG5QvbXz1VJeLQWqRIWRp/tIpfw5NIaWGVKR2o/GXi3Y7ApKD Y7Ss84HYm1z6hJ6owF08bX+2hcCab9+cKaDOfgL X-Google-Smtp-Source: AGHT+IHUpLQhyoxf+DrbhB2g63VBeUxpba82RHH4wepuEEetU5JXRiEvGORIwKKBIlB5Vw5icFR+GMLitKcTkmpySmo= X-Received: by 2002:a05:6871:4104:b0:2ff:8978:6be9 with SMTP id 586e51a60fabf-314c6401b24mr1357374fac.16.1755792718600; Thu, 21 Aug 2025 09:11:58 -0700 (PDT) MIME-Version: 1.0 Received: by 2002:a05:6802:610b:b0:5df:b5f6:b71 with HTTP; Thu, 21 Aug 2025 09:11:57 -0700 (PDT) In-Reply-To: References: <3662a9b9-3e58-4977-8bd1-e1ed0e25b2a8@aklaver.com> From: "David G. Johnston" Date: Thu, 21 Aug 2025 09:11:57 -0700 X-Gm-Features: Ac12FXy175jpE5GBpNrmC_KjG6x1xyw5k0yhuHbkhYqf1ykY_TRyXL6mDfykga4 Message-ID: Subject: Re: Q: GRANT ... WITH ADMIN on PG 17 To: Karsten Hilbert Cc: Adrian Klaver , "pgsql-general@lists.postgresql.org" Content-Type: multipart/alternative; boundary="0000000000004a9e20063ce259c6" List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk --0000000000004a9e20063ce259c6 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On Thursday, August 21, 2025, Karsten Hilbert wrote: > Am Thu, Aug 21, 2025 at 08:46:00AM -0700 schrieb Adrian Klaver: > > > >PG 17 documentation says that using "WITH ADMIN" allows the > > >role being added to another group role to grant/revoke > > >membership in said group to other roles. > > > > I would start by reading this: > > > > https://rhaas.blogspot.com/2023/01/surviving-without- > superuser-coming-to.html > > Thanks, I did, but did not find the answer to: Is there a > way for a role that can manage membership in a group role to > not itself be a member of that group role ? > A superuser can do this. Otherwise, no. In order to be made admin of a role on must be a member of said role - i.e., =E2=80=9Cwith admin=E2=80=9D = is only part of the =E2=80=9Cgrant=E2=80=9D command. You won=E2=80=99t find docs talking a= bout alternatives because they don=E2=80=99t exist. David J. --0000000000004a9e20063ce259c6 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On Thursday, August 21, 2025, Karsten Hilbert <Karsten.Hilbert@gmx.net> wrote:
Am Thu, Aug 21, 2025 at 08:46:00AM -0700 schrieb Adrian Kla= ver:

> >PG 17 documentation says that using "WITH ADMIN" allows = the
> >role being added to another group role to grant/revoke
> >membership in said group to other roles.
>
> I would start by reading this:
>
> https://rhaas.blogspot.com/2023/= 01/surviving-without-superuser-coming-to.html

Thanks, I did, but did not find the answer to: Is there a
way for a role that can manage membership in a group role to
not itself be a member of that group role ?

A superuser can do this.=C2=A0 Otherwise, = no.=C2=A0 In order to be made admin of a role on must be a member of said r= ole - i.e., =E2=80=9Cwith admin=E2=80=9D is only part of the =E2=80=9Cgrant= =E2=80=9D command.=C2=A0 You won=E2=80=99t find docs talking about alternat= ives because they don=E2=80=99t exist.

David J.

--0000000000004a9e20063ce259c6--