Home > mailing lists

Re: Orphaned users in PG16 and above can only be managed by Superusers - Mailing list pgsql-hackers

From	Robert Haas
Subject	Re: Orphaned users in PG16 and above can only be managed by Superusers
Date	January 24 00:06:15
Msg-id	CA+TgmoamUHwazAL-qYOVSZX9BSXEa_OMHP2+fVsaPdE9j4RH0g@mail.gmail.com Whole thread Raw
In response to	Re: Orphaned users in PG16 and above can only be managed by Superusers (Andres Freund <andres@anarazel.de>)
Responses	Re: Orphaned users in PG16 and above can only be managed by Superusers
List	pgsql-hackers

Tree view

On Thu, Jan 23, 2025 at 3:51 PM Andres Freund <andres@anarazel.de> wrote:
> I wonder if it's a mistake that a role membership that has WITH ADMIN on
> another role is silently removed if the member role is removed. We e.g. do
> *not* do that for pg_auth_members.grantor:
>
> ERROR:  2BP01: role "r1" cannot be dropped because some objects depend on it
> DETAIL:  privileges for membership of role r2 in role r3

Yeah, I'm not sure about this either, but this is the kind of thing I
was thinking about when I replied before, saying that maybe dropping
role B shouldn't just succeed. Maybe dropping a role that doesn't have
privileges to administer any other role should be different than
dropping one that does.

--
Robert Haas
EDB: http://www.enterprisedb.com

pgsql-hackers by date:

From: Robert Haas
Date: 24 January, 00:03:15
Subject: Re: Orphaned users in PG16 and above can only be managed by Superusers

From: Jeff Davis
Date: 24 January, 00:29:14
Subject: Re: Inconsistent string comparison using modified ICU collations

Re: Orphaned users in PG16 and above can only be managed by Superusers - Mailing list pgsql-hackers

Previous

Next