Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1pszVF-0007dx-P5 for pgsql-hackers@arkaria.postgresql.org; Sun, 30 Apr 2023 05:21:41 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.92) (envelope-from ) id 1pszVC-000843-T4 for pgsql-hackers@arkaria.postgresql.org; Sun, 30 Apr 2023 05:21:38 +0000 Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29]) by malur.postgresql.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1pszVC-00083u-Cd for pgsql-hackers@lists.postgresql.org; Sun, 30 Apr 2023 05:21:38 +0000 Received: from mail-yw1-x1131.google.com ([2607:f8b0:4864:20::1131]) by magus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.94.2) (envelope-from ) id 1pszV7-005urI-5V for pgsql-hackers@postgresql.org; Sun, 30 Apr 2023 05:21:37 +0000 Received: by mail-yw1-x1131.google.com with SMTP id 00721157ae682-55a10577911so5113627b3.0 for ; Sat, 29 Apr 2023 22:21:32 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=leadboat.com; s=google; t=1682832091; x=1685424091; h=user-agent:in-reply-to:content-disposition:mime-version:references :message-id:subject:cc:to:from:date:from:to:cc:subject:date :message-id:reply-to; bh=6RisURXMPFsjWqP1MXInTh0PmNcEMkaU4KZyfvfAy1Y=; b=ayCcqnBbt3+zQqy+kX+zBi3o4qCWV5S9Tu2jtFJmc8V96nWButcYMEC2oN2vnfjnBc CQ90v5JCUalpuPExK/zE75WqjQM4vmtrsaoVr9EXictdiptMFTMLLr2c7S7mfw0vdx4c RHLJogNRtJrt1b+yFjuhgU3maPh1bV8zLJHug= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1682832091; x=1685424091; h=user-agent:in-reply-to:content-disposition:mime-version:references :message-id:subject:cc:to:from:date:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=6RisURXMPFsjWqP1MXInTh0PmNcEMkaU4KZyfvfAy1Y=; b=XkavWMbjaHPwXwLQ3ecHMA9HXJFmieGtSkRrlDwLfCkatJIrNOG9qwpZHpCFBCjGn9 JYti/3nUq2sbN+d+wkWI3aaRCXK0POJNRhRk6GXkRp2EnLC5gK5WBd98ZxdEX/psw0VP su9FGaZOSgpkzyLVqKnewt+Wma1W7H/wl9RIrTD2ZcsYsIj39F5RifPZAh4zygDHCZID Ca+Rzj1+TioKAdaY6FpNjR65Rlc1CssDEZJiKVubOBSgjtYi92gz5qBNoiZZInstusg9 UX2rWxKTEZjNo5lXTiult2CtqcjDqr50GVe85GdiaNHkDXIXgjaCYBhT9H4qBo9jiXMJ 6pwA== X-Gm-Message-State: AC+VfDws2yGL0DGg4qIwcpQppdj2dr5kaPiUvqcW9U0mKscR9iQ91kfA Yut2fBmFiMVNH6+nVwfGiaRVBQ== X-Google-Smtp-Source: ACHHUZ4Fb1ept2yckhWxlcx2ufwVjdAE3bMrzTHCB3nmeT0zyRrtOxyNqhr3UKeSvgjzLgKRUeAeaw== X-Received: by 2002:a0d:d8cf:0:b0:544:5b63:b956 with SMTP id a198-20020a0dd8cf000000b005445b63b956mr8484616ywe.8.1682832091046; Sat, 29 Apr 2023 22:21:31 -0700 (PDT) Received: from rfd.leadboat.com ([2600:1702:a20:5750::2e]) by smtp.gmail.com with ESMTPSA id u4-20020a814704000000b0054c0c9e4043sm2846666ywa.95.2023.04.29.22.21.29 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sat, 29 Apr 2023 22:21:30 -0700 (PDT) Date: Sat, 29 Apr 2023 22:21:27 -0700 From: Noah Misch To: Robert Haas Cc: tushar , Nathan Bossart , Joe Conway , Tom Lane , "Bossart, Nathan" , Stephen Frost , PostgreSQL-development Subject: Re: replacing role-level NOINHERIT with a grant-level option Message-ID: <20230430052127.GA2271597@rfd.leadboat.com> References: <8210e573-c861-fe45-302b-56d7352aae48@enterprisedb.com> <030c1dbf-5a8e-706d-698c-b1cdfcb6ce0f@enterprisedb.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.24 (2015-08-30) List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk On Thu, Aug 25, 2022 at 10:19:39AM -0400, Robert Haas wrote: > I read through this again and found a comment that needed to be > updated, so I did that, bumped catversion, and committed this. [commit e3ce2de] > @@ -4735,8 +4735,8 @@ initialize_acl(void) > > /* > * In normal mode, set a callback on any syscache invalidation of rows > - * of pg_auth_members (for roles_is_member_of()), pg_authid (for > - * has_rolinherit()), or pg_database (for roles_is_member_of()) > + * of pg_auth_members (for roles_is_member_of()) pg_database (for > + * roles_is_member_of()) > */ > CacheRegisterSyscacheCallback(AUTHMEMROLEMEM, > RoleMembershipCacheCallback, I agree one could remove the "CacheRegisterSyscacheCallback(AUTHOID, ...)". This updated the comment as though the patch were including that removal, but AUTHOID remains. Also, that comment needs s/pg_database/or &/. These sites didn't change in v16 and may or may not warrant change: doc/src/sgml/catalogs.sgml:1522: rolinherit bool doc/src/sgml/system-views.sgml:2585: rolinherit bool src/include/catalog/pg_authid.h:36: bool rolinherit; /* inherit privileges from other roles? */ I likely would leave pg_authid.h as-is but change the doc/ phrases. https://postgr.es/m/17901-93eacb513e503f43%40postgresql.org led me to notice that v16 always inherits the implicit membership in role pg_database_owner, with no way to override like one could in v15. That message's test procedure doesn't "fail" in v16. I think that's fine, but I'm mentioning it since pg_database_owner didn't appear upthread.