Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1o7lPv-0003Sc-QZ for pgsql-hackers@arkaria.postgresql.org; Sat, 02 Jul 2022 22:16:43 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.92) (envelope-from ) id 1o7lPu-0000kY-8j for pgsql-hackers@arkaria.postgresql.org; Sat, 02 Jul 2022 22:16:42 +0000 Received: from makus.postgresql.org ([2001:4800:3e1:1::229]) by malur.postgresql.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1o7lPt-0000kM-U5 for pgsql-hackers@lists.postgresql.org; Sat, 02 Jul 2022 22:16:41 +0000 Received: from mail-pj1-x1031.google.com ([2607:f8b0:4864:20::1031]) by makus.postgresql.org with esmtps (TLS1.3:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.92) (envelope-from ) id 1o7lPr-0002sQ-IA for pgsql-hackers@postgresql.org; Sat, 02 Jul 2022 22:16:40 +0000 Received: by mail-pj1-x1031.google.com with SMTP id ju17so774640pjb.3 for ; Sat, 02 Jul 2022 15:16:39 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to; bh=4FdFPYQ82IHLeb8XDOOEFhf5C+0TYpdYlN7ztc0MEu4=; b=JjLqehVliwDzDpW55aZ6dvdyonXymGar+GY4Y/BlSgHnUBlZWUD/3tGizy4zBHGXfu EcYug6QSHpFZHWI/nAvMUGtTaBhTOX4E6v+/i089vmFitI1w6oON9kOiW7JN2tqzLBpX 43PBENVLhWPis1IZ5fBw5iC/D9Ou2nr4cAnY0C6v6l+Gb1Di6GU10YFOzBuEPbs6rpjg Nlod19euxbeL7KUqIheWl3b94kLNlMLx98Uu0iUKScOW0OOijbtobV/rXAcwHFO7M6kp B1jKzK2pAE0iSy4khtAWpAsd77GFFfVqxMpCGQVS9T5FVqsWHfQbUE8c8IlAVsO97MG/ 4PGQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to; bh=4FdFPYQ82IHLeb8XDOOEFhf5C+0TYpdYlN7ztc0MEu4=; b=1qUFAv3quK6QY2VaZHxnJJEoZ5/o2BJqYIYVgHtkibML1b1Jzm1x1DSBE53VJa6P3x 10PUSiWKZ5i+7gFRyeXqT04ND7csw5w8xxKsOLBFJEuh48qdBoggePHIW56La/85YVu7 3dihe6e7Qm2ziMxcqjCYsYL0lrXLIVfZTvwPJQboXTW095TcGT8ZzY9zxf+kSw1LEdKP 8r87J2h/sXwAY+PxxNK7RQTbaPpPqtkmuYFKOIwug9tC5V2q2wLgUNCWuzd7l8seLwhp niFcfwzG06ZSsHiGscHTGBubTJZyC1vpZW42ikk3PR4jMqjfPBqMVRQQ1gRX4EV+OAKy rjzQ== X-Gm-Message-State: AJIora+7ENjEZHMx/2ulWX6xLReRsB1icnOEwt5/LyEGB/Uo0no2+MAQ A7vwH1bAhRox+xiwMAfGhaw= X-Google-Smtp-Source: AGRyM1thDzbDFU4XR7UA2rGjLQe6/hSDMSA8qBfOqpGqN8k4BjZ8ViLzxOi2Mt6KhWBM+lUHpfYFoA== X-Received: by 2002:a17:90b:3143:b0:1ec:be03:e0a5 with SMTP id ip3-20020a17090b314300b001ecbe03e0a5mr25637648pjb.30.1656800198236; Sat, 02 Jul 2022 15:16:38 -0700 (PDT) Received: from nathanxps13 ([50.54.155.70]) by smtp.gmail.com with ESMTPSA id u10-20020a170903124a00b0016a01637620sm977133plh.76.2022.07.02.15.16.36 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 02 Jul 2022 15:16:37 -0700 (PDT) Date: Sat, 2 Jul 2022 15:16:35 -0700 From: Nathan Bossart To: Robert Haas Cc: Joe Conway , Tom Lane , "Bossart, Nathan" , Stephen Frost , PostgreSQL-development Subject: Re: replacing role-level NOINHERIT with a grant-level option Message-ID: <20220702221635.GB1044460@nathanxps13> References: <20220630232931.GA367181@nathanxps13> <20220701025830.GA369935@nathanxps13> <12e2f0cb-08ff-c65f-d31e-76cea1af70ec@joeconway.com> <442d7887-645d-0e31-e971-7a8dc8952d2f@joeconway.com> <20220701211225.GA418166@nathanxps13> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk On Sat, Jul 02, 2022 at 08:45:50AM -0400, Robert Haas wrote: > I don't think there is a whole lot of point in replacing role-level > flags with predefined roles that work exactly the same way. Maybe > there is some point, but I'm not excited about it. The problem with > these settings in my opinion is that they are too monolithic. Either > you can create any role with basically any privileges or you can > create no roles at all. Either you are a superuser and can bypass all > permissions checks or you are not and can't bypass any permissions > checks. Okay. I see. >> unparenthesized syntax or add WARNINGs when it is used?) For [NO]INHERIT >> and WITH INHERIT DEFAULT, presumably we could do something similar. Down >> the road, those would be removed in favor of only using grant-level >> options. > > I think it'd be hard to do that if WITH INHERIT DEFAULT is actually > state stored in the catalog. Maybe I should revise this again so that > the catalog column is just true or false, and the role-level property > only sets the default for future grants. That might be more like what > Tom had in mind originally. I was thinking that when DEFAULT was removed, pg_dump would just need to generate WITH INHERIT TRUE/FALSE based on the value of rolinherit for older versions. Using the role-level property as the default for future grants seems a viable strategy, although it would break backward compatibility. For example, if I create a NOINHERIT role, grant a bunch of roles to it, and then change it to INHERIT, the role won't begin inheriting the privileges of the roles it is a member of. Right now, it does. -- Nathan Bossart Amazon Web Services: https://aws.amazon.com