Home > mailing lists

Re: CREATEROLE users vs. role properties - Mailing list pgsql-hackers

From	tushar
Subject	Re: CREATEROLE users vs. role properties
Date	January 19, 2023 11:15:22
Msg-id	0d55df3d-da0e-7960-8bc7-a43355a81c6f@enterprisedb.com Whole thread Raw
In response to	Re: CREATEROLE users vs. role properties (tushar <tushar.ahuja@enterprisedb.com>)
Responses	Re: CREATEROLE users vs. role properties
List	pgsql-hackers

Tree view

On 1/19/23 3:05 PM, tushar wrote:
> which was working previously without patch. 
My bad, I was testing against PG v15 but this issue is not
reproducible on master (without patch).

As you mentioned- "This implements the standard idea that you can't give 
permissions
you don't have (but you can give the ones you do have)" but here the 
role is having
createrole  privilege that he cannot pass on to another user? Is this 
expected?

postgres=# create role fff with createrole;
CREATE ROLE
postgres=# create role xxx;
CREATE ROLE
postgres=# set role fff;
SET
postgres=> alter role xxx with createrole;
ERROR:  permission denied
postgres=>

-- 
regards,tushar
EnterpriseDB  https://www.enterprisedb.com/
The Enterprise PostgreSQL Company

pgsql-hackers by date:

From: vignesh C
Date: 19 January 2023, 11:14:56
Subject: Re: TAP output format in pg_regress

From: Amit Langote
Date: 19 January 2023, 11:16:16
Subject: Re: ExecRTCheckPerms() and many prunable partitions (checkAsUser)

Re: CREATEROLE users vs. role properties - Mailing list pgsql-hackers

Previous

Next