Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1qTteC-00B2Rf-44 for pgsql-hackers@arkaria.postgresql.org; Thu, 10 Aug 2023 00:35:28 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.94.2) (envelope-from ) id 1qTteA-009XmF-CQ for pgsql-hackers@arkaria.postgresql.org; Thu, 10 Aug 2023 00:35:26 +0000 Received: from makus.postgresql.org ([2001:4800:3e1:1::229]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1qTteA-009Xm7-3V for pgsql-hackers@lists.postgresql.org; Thu, 10 Aug 2023 00:35:26 +0000 Received: from momjian.us ([72.94.173.45]) by makus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1qTte6-001ULh-S0 for pgsql-hackers@postgresql.org; Thu, 10 Aug 2023 00:35:25 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=momjian.us; s=2023062407; h=In-Reply-To:Content-Type:MIME-Version:References:Message-ID: Subject:Cc:To:From:Date:Sender:Reply-To:Content-Transfer-Encoding:Content-ID: Content-Description; bh=tv0XakQF4kGY9bj+pzFNrVmLtjer0ePBdLPGd/fldv0=; b=0Fw6D P3kBjv1sB5MFtb44ke9dchhBvwvV2kuIkrW4szlii+eQJbchitPM3d6RSa0s1ptPqG+vOp04nbj+Q 691qpKtApRJYyvWcoJvTP575Sz94AaxmArykE8cYZ5vZ4mUPlJNGrO5hQHkwMAyCB/4XPE5n+mcMg I9bhmXcXYotRow2+cs7AL42VhSmFWvKIFyo8e2G8h9Nfgm73EJQZv0S85tzsK+a9if6WUw9j5do// kBVkZmV03TANqfU/XRXKiRriPefmDIz77s5PXFUKcVdHY5Ue+1wlJGKzbOZcW2GOwpQdN2b1bI6d6 GLGtArIrFcwqZxL9TUbCfDjMnW/Kg==; Received: from bruce by momjian.us with local (Exim 4.96) (envelope-from ) id 1qTte5-00Cnef-0M; Wed, 09 Aug 2023 20:35:21 -0400 Date: Wed, 9 Aug 2023 20:35:21 -0400 From: Bruce Momjian To: Noah Misch Cc: PostgreSQL-development , Robert Haas Subject: Re: PG 16 draft release notes ready Message-ID: References: <20230805230847.GA1370050@rfd.leadboat.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20230805230847.GA1370050@rfd.leadboat.com> List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk On Sat, Aug 5, 2023 at 04:08:47PM -0700, Noah Misch wrote: > > Author: Robert Haas > > 2022-08-25 [e3ce2de09] Allow grant-level control of role inheritance behavior. > > --> > > > > > > > > Allow GRANT to control role inheritance behavior (Robert Haas) > > > > > > > > By default, role inheritance is controlled by the inheritance status of the member role. The new GRANT clauses WITH INHERIT and WITH ADMIN can now override this. > > > > > > > > > > > > > > > > Allow roles that create other roles to automatically inherit the new role's rights or SET ROLE to the new role (Robert Haas, Shi Yu) > > > > > > > > This is controlled by server variable createrole_self_grant. > > > > > > Similarly, v16 radically changes the CREATE ROLE ... WITH INHERIT clause. The > clause used to "change the behavior of already-existing grants." Let's merge > these two and move the combination to the incompatibilities section. I need help with this. I don't understand how they can be combined, and I don't understand the incompatibility text in commit e3ce2de09d: If a GRANT does not specify WITH INHERIT, the behavior based on whether the member role is marked INHERIT or NOINHERIT. This means that if all roles are marked INHERIT or NOINHERIT before any role grants are performed, the behavior is identical to what we had before; otherwise, it's different, because ALTER ROLE [NO]INHERIT now only changes the default behavior of future grants, and has no effect on existing ones. -- Bruce Momjian https://momjian.us EDB https://enterprisedb.com Only you can decide what is important to you.