Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1nwoS6-0000ek-55 for pgsql-hackers@arkaria.postgresql.org; Thu, 02 Jun 2022 17:17:42 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.92) (envelope-from ) id 1nwoS4-0008EK-FX for pgsql-hackers@arkaria.postgresql.org; Thu, 02 Jun 2022 17:17:40 +0000 Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29]) by malur.postgresql.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1nwoS4-0008EA-68 for pgsql-hackers@lists.postgresql.org; Thu, 02 Jun 2022 17:17:40 +0000 Received: from sss.pgh.pa.us ([66.207.139.130]) by magus.postgresql.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1nwoS2-0001sE-6o for pgsql-hackers@postgresql.org; Thu, 02 Jun 2022 17:17:39 +0000 Received: from sss1.sss.pgh.pa.us (localhost [127.0.0.1]) by sss.pgh.pa.us (8.15.2/8.15.2) with ESMTP id 252HHVi31066203; Thu, 2 Jun 2022 13:17:31 -0400 From: Tom Lane To: Robert Haas cc: Joe Conway , "Bossart, Nathan" , Stephen Frost , PostgreSQL-development Subject: Re: replacing role-level NOINHERIT with a grant-level option In-reply-to: References: <20211108204449.GO20998@tamriel.snowman.net> <5F9388A2-35EA-4DAA-BE05-68D55EEA6DC3@amazon.com> <0ED10807-9E7F-4BB5-9473-4668EE68AE2D@amazon.com> <4117557.1641329799@sss.pgh.pa.us> <730520.1644168290@sss.pgh.pa.us> <80af9ba7-ec24-9134-8fd9-00bf13f5c494@joeconway.com> Comments: In-reply-to Robert Haas message dated "Thu, 02 Jun 2022 12:26:48 -0400" MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-ID: <1066201.1654190251.1@sss.pgh.pa.us> Date: Thu, 02 Jun 2022 13:17:31 -0400 Message-ID: <1066202.1654190251@sss.pgh.pa.us> List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk Robert Haas writes: > Is this a kind of change people would support? Here's a quick sketch: > 1. Extend the GRANT role_name TO role_name [ WITH ADMIN OPTION ] with > a new, optional clause, something like WITH NO INHERIT or WITH > NOINHERIT or WITHOUT INHERIT. > 2. Remove the INHERIT | NOINHERIT flag from CREATE ROLE and ALTER ROLE. > 3. Replace pg_authid.rolinherit with pg_auth_members.inherit. Any > place where we would have considered rolinherit, instead consider the > inherit flag for the particular pg_auth_members entry at issue. > 4. When dumping from an old version, dump all grants to NOINHERIT > roles as non-inheritable grants. Point 2 would cause every existing pg_dumpall script to fail, which seems like kind of a large gotcha. Less unpleasant alternatives could include * Continue to accept the syntax, but ignore it, maybe with a WARNING for the alternative that doesn't correspond to the new behavior. * Keep pg_authid.rolinherit, and have it act as supplying the default behavior for subsequent GRANTs to that role. Perhaps there are other ways. regards, tom lane