Thread: New group roles always inherit privileges...
<div class="Section1"><p class="MsoNormal"><font face="Tahoma" size="1"><span style="font-size:9.0pt; font-family:Tahoma">Platform: Windows XP (with SP2)</span></font><p class="MsoNormal"><font face="Tahoma" size="1"><spanstyle="font-size:9.0pt; font-family:Tahoma">Language: en-us</span></font><p class="MsoNormal"><font face="Tahoma" size="1"><span style="font-size:9.0pt; font-family:Tahoma">Distribution: Windows binary installer</span></font><p class="MsoNormal"><font face="Tahoma" size="1"><spanstyle="font-size:9.0pt; font-family:Tahoma">Version: 1.4-rc1</span></font><p class="MsoNormal"><font face="Tahoma" size="1"><span style="font-size:9.0pt; font-family:Tahoma"> </span></font><p class="MsoNormal"><font face="Tahoma" size="1"><span style="font-size:9.0pt; font-family:Tahoma">To reproduce:</span></font><p class="MsoNormal"><font face="Tahoma" size="1"><span style="font-size:9.0pt; font-family:Tahoma"> </span></font><p class="MsoNormal" style="margin-left:.5in;text-indent:-.25in;mso-list:l0 level1 lfo1"><fontface="Tahoma" size="1"><span style="font-size:9.0pt;font-family:Tahoma"><span style="mso-list:Ignore">1.<fontface="Times New Roman" size="1"><span style="font:7.0pt "Times New Roman""> </span></font></span></span></font><fontface="Tahoma" size="1"><span style="font-size:9.0pt;font-family:Tahoma">Right-clickon Group Roles, select “New Group Role”.</span></font><p class="MsoNormal"style="margin-left:.5in;text-indent:-.25in;mso-list:l0 level1 lfo1"><font face="Tahoma" size="1"><span style="font-size:9.0pt;font-family:Tahoma"><spanstyle="mso-list:Ignore">2.<font face="Times New Roman" size="1"><span style="font:7.0pt"Times New Roman""> </span></font></span></span></font><font face="Tahoma" size="1"><span style="font-size:9.0pt;font-family:Tahoma">NewGroup Role dialog appears.</span></font><p class="MsoNormal" style="margin-left:.5in;text-indent:-.25in;mso-list:l0level1 lfo1"><font face="Tahoma" size="1"><span style="font-size:9.0pt;font-family:Tahoma"><spanstyle="mso-list:Ignore">3.<font face="Times New Roman" size="1"><span style="font:7.0pt"Times New Roman""> </span></font></span></span></font><font face="Tahoma" size="1"><span style="font-size:9.0pt;font-family:Tahoma">Enter“test” for role name, leave all privilege settings cleared & click OK. Dialog closes, new group role created.</span></font><p class="MsoNormal" style="margin-left:.5in;text-indent:-.25in;mso-list:l0level1 lfo1"><font face="Tahoma" size="1"><span style="font-size:9.0pt;font-family:Tahoma"><spanstyle="mso-list:Ignore">4.<font face="Times New Roman" size="1"><span style="font:7.0pt"Times New Roman""> </span></font></span></span></font><font face="Tahoma" size="1"><span style="font-size:9.0pt;font-family:Tahoma">Clickon “test” under “Group Roles” (expand latter and refresh if necessary). Under“Properties” tab in the upper right-hand window frame, you will see “Inherits?” Yes – even though this setting wasleft cleared when creating the group role.</span></font><p class="MsoNormal"><font face="Tahoma" size="1"><span style="font-size:9.0pt; font-family:Tahoma"> </span></font><p class="MsoNormal"><font face="Tahoma" size="1"><span style="font-size:9.0pt; font-family:Tahoma">Problem is that, when creating a new group role, the SQL produced is either:</span></font><p class="MsoNormal"><fontface="Tahoma" size="1"><span style="font-size:9.0pt; font-family:Tahoma"> </span></font><p class="MsoNormal"><font face="Tahoma" size="1"><span style="font-size:9.0pt; font-family:Tahoma">CREATE ROLE somegrouprole</span></font><p class="MsoNormal"><font face="Tahoma" size="1"><span style="font-size:9.0pt; font-family:Tahoma"> VALID UNTIL ‘infinity’;</span></font><p class="MsoNormal"><font face="Tahoma" size="1"><span style="font-size:9.0pt; font-family:Tahoma"> </span></font><p class="MsoNormal"><font face="Tahoma" size="1"><span style="font-size:9.0pt; font-family:Tahoma">(if the “Inherits rights from parent roles” Role Privilege is clear) or</span></font><p class="MsoNormal"><fontface="Tahoma" size="1"><span style="font-size:9.0pt; font-family:Tahoma"> </span></font><p class="MsoNormal"><font face="Tahoma" size="1"><span style="font-size:9.0pt; font-family:Tahoma">CREATE ROLE somegrouprole</span></font><p class="MsoNormal"><font face="Tahoma" size="1"><span style="font-size:9.0pt; font-family:Tahoma"> INHERIT</span></font><p class="MsoNormal"><font face="Tahoma" size="1"><span style="font-size:9.0pt; font-family:Tahoma"> VALID UNTIL ‘infinity’;</span></font><p class="MsoNormal"><font face="Tahoma" size="1"><span style="font-size:9.0pt; font-family:Tahoma"> </span></font><p class="MsoNormal"><font face="Tahoma" size="1"><span style="font-size:9.0pt; font-family:Tahoma">(if the</span></font><font face="Tahoma" size="1"><span style="font-size:9.0pt;font-family:Tahoma"> “Inheritsrights from parent roles” Role Privilege is set).</span></font><p class="MsoNormal"><font face="Tahoma" size="1"><spanstyle="font-size:9.0pt; font-family:Tahoma"> </span></font><p class="MsoNormal"><font face="Tahoma" size="1"><span style="font-size:9.0pt; font-family:Tahoma">The latter is fine, but since PostgreSQL supplies INHERIT as a default, the former should read:</span></font><pclass="MsoNormal"><font face="Tahoma" size="1"><span style="font-size:9.0pt; font-family:Tahoma"> </span></font><p class="MsoNormal"><font face="Tahoma" size="1"><span style="font-size:9.0pt; font-family:Tahoma">CREATE ROLE somegrouprole</span></font><p class="MsoNormal"><font face="Tahoma" size="1"><span style="font-size:9.0pt; font-family:Tahoma"> NOINHERIT</span></font><p class="MsoNormal"><font face="Tahoma" size="1"><span style="font-size:9.0pt; font-family:Tahoma"> VALID UNTIL ‘infinity’;</span></font><p class="MsoNormal"><font face="Tahoma" size="1"><span style="font-size:9.0pt; font-family:Tahoma"> </span></font><p class="MsoNormal"><font face="Tahoma" size="1"><span style="font-size:9.0pt; font-family:Tahoma">----</span></font><p class="MsoNormal"><font face="Tahoma" size="1"><span style="font-size:9.0pt; font-family:Tahoma">Mike</span></font><p class="MsoNormal"><font face="Tahoma" size="1"><span style="font-size:9.0pt; font-family:Tahoma"> </span></font><p class="MsoNormal"><font face="Tahoma" size="1"><span style="font-size:9.0pt; font-family:Tahoma">Simulation Engineers do it with models virtually every day!</span></font></div>
From: pgadmin-support-owner@postgresql.org [mailto:pgadmin-support-owner@postgresql.org] On Behalf Of Allen, Mike
Sent: 04 November 2005 17:00
To: pgadmin-support@postgresql.org
Subject: [pgadmin-support] New group roles always inherit privileges...Platform: Windows XP (with SP2)
Language: en-us
Distribution: Windows binary installer
Version: 1.4-rc1
To reproduce:
1. Right-click on Group Roles, select “New Group Role”.
2. New Group Role dialog appears.
3. Enter “test” for role name, leave all privilege settings cleared & click OK. Dialog closes, new group role created.
4. Click on “test” under “Group Roles” (expand latter and refresh if necessary). Under “Properties” tab in the upper right-hand window frame, you will see “Inherits?” Yes – even though this setting was left cleared when creating the group role.
Problem is that, when creating a new group role, the SQL produced is either:
CREATE ROLE somegrouprole
VALID UNTIL ‘infinity’;
(if the “Inherits rights from parent roles” Role Privilege is clear) or
CREATE ROLE somegrouprole
INHERIT
VALID UNTIL ‘infinity’;
(if the “Inherits rights from parent roles” Role Privilege is set).
The latter is fine, but since PostgreSQL supplies INHERIT as a default, the former should read:
CREATE ROLE somegrouprole
NOINHERIT
VALID UNTIL ‘infinity’;
Thanks Mike - fixed in SVN, just in time for release :-)
Regards, Dave