PG16 ADMIN OPTION - Pawan Sharma

public inbox for [email protected]  
help / color / mirror / Atom feed

From: Pawan Sharma <[email protected]>
To: [email protected]
Subject: PG16 ADMIN OPTION
Date: Wed, 18 Dec 2024 17:22:32 +0530
Message-ID: <CAKqG8NUgCmPdf2fQh89cn-eTCpTkS=ZgcFad-G9j0bpM9gR7rQ@mail.gmail.com> (raw)

Hello Everyone,

I recently noticed the difference between PG15 and PG16 regarding *CREATEROLE
*and ADMIN OPTION.

Granting the Admin Option to another role is not allowed in PG16, whereas
it was permitted in PG15. Please help me with how we can allow them without
superuser intervention.

PostgreSQL 15:
psql (15.10 (Homebrew), server 15.10 (Homebrew))
Type "help" for help.

postgres=# create role pgtest login createdb createrole;
CREATE ROLE
postgres=# \c postgres pgtest
psql (16.6 (Homebrew), server 15.10 (Homebrew))
You are now connected to database "postgres" as user "pgtest".
postgres=>
postgres=> create role test login;
CREATE ROLE
postgres=>
postgres=> grant pgtest to test  with ADMIN OPTION;
GRANT ROLE
postgres=> \drg
                  List of role grants
 Role name | Member of |       Options       | Grantor
-----------+-----------+---------------------+---------
 test      | pgtest     | ADMIN, INHERIT, SET | pgtest
(1 row)



PostgreSQL 16
psql (16.6 (Homebrew))
Type "help" for help.

postgres=# create role pgtest login createdb createrole;
CREATE ROLE
postgres=# \c postgres pgtest
You are now connected to database "postgres" as user "pgtest".
postgres=> create role test login;
CREATE ROLE
postgres=>
postgres=> grant pgtest to test  with ADMIN OPTION;
ERROR:  permission denied to grant role "admin"
DETAIL:  Only roles with the ADMIN option on role "pgtest" may grant this
role.
postgres=>
postgres=> \drg
              List of role grants
 Role name | Member of | Options |   Grantor
-----------+-----------+---------+-------------
 pgtest     | test      | ADMIN   | pawansharma
(1 row)

postgres=>

Thank you so much.

Regards,
Pawan

reply

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Reply to all the recipients using the --to and --cc options:
  reply via email

  To: [email protected]
  Cc: [email protected], [email protected]
  Subject: Re: PG16 ADMIN OPTION
  In-Reply-To: <CAKqG8NUgCmPdf2fQh89cn-eTCpTkS=ZgcFad-G9j0bpM9gR7rQ@mail.gmail.com>

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox