Re: Backward compat issue with v16 around ROLEs
| От | Pavel Luzanov |
|---|---|
| Тема | Re: Backward compat issue with v16 around ROLEs |
| Дата | |
| Msg-id | 4308abb3-269e-4cee-a48f-c95d49ede6c2@postgrespro.ru обсуждение исходный текст |
| Ответ на | Re: Backward compat issue with v16 around ROLEs ("David G. Johnston" <david.g.johnston@gmail.com>) |
| Ответы |
Re: Backward compat issue with v16 around ROLEs
|
| Список | pgsql-general |
On 11.09.2024 22:21, David G. Johnston wrote:
> ddevienne=> grant dd_owner to dd_admin with admin option; -- <<<<<<<<
I think this needs to be the other way around:
grant dd_admin to dd_owner with admin option;
Best,
WolfgangProbably, intend to get those reversed and wasn't in a position to experiment. In any case fixing the with admin error is the correct approach.
Unfortunately, it won't work. Dominique is right. This will lead to circularities. After this grant:
grant dd_owner to dd_admin;
reverse grant is not possible. I think this is a migration issue for v16 and it is not mentioned in release notes. I didn't quite understand the exact purpose of the roles dd_owner and dd_admin. But a possible way is to use dd_admin to create roles. For example: create role dd_admin login createrole; \c - dd_admin create role dd_owner noinherit; create role dd_user login; grant dd_owner to dd_user; \c - dd_user set role dd_owner;
-- Pavel Luzanov Postgres Professional: https://postgrespro.com
В списке pgsql-general по дате отправления: