Re: Allow +group in pg_ident.conf
От | Nathan Bossart |
---|---|
Тема | Re: Allow +group in pg_ident.conf |
Дата | |
Msg-id | 20230109182408.GA1158011@nathanxps13 обсуждение исходный текст |
Ответ на | Allow +group in pg_ident.conf (Andrew Dunstan <andrew@dunslane.net>) |
Ответы |
Re: Allow +group in pg_ident.conf
|
Список | pgsql-hackers |
On Mon, Jan 09, 2023 at 08:00:26AM -0500, Andrew Dunstan wrote: > + If the <replaceable>database-username</replaceable> begins with a > + <literal>+</literal> character, then the operating system user can login as > + any user belonging to that role, similarly to how user names beginning with > + <literal>+</literal> are treated in <literal>pg_hba.conf</literal>. I would ѕuggest making it clear that this means role membership and not privileges via INHERIT. > - if (case_insensitive) > + if (regexp_pgrole[0] == '+') > + { > + Oid roleid = get_role_oid(pg_role, true); > + if (is_member(roleid, regexp_pgrole +1)) > + *found_p = true; > + } > + else if (case_insensitive) It looks like the is_member() check will always be case-sensitive. Should it respect the value of case_insensitive? If not, I think there should be a brief comment explaining why. -- Nathan Bossart Amazon Web Services: https://aws.amazon.com
В списке pgsql-hackers по дате отправления: