Re: Orphaned users in PG16 and above can only be managed by Superusers

Hi,

On Fri, Mar 7, 2025 at 10:55 PM Nathan Bossart <nathandbossart@gmail.com> wrote:
>
> I noticed that much of this code is lifted from DropRole(), and the new
> check_drop_role_dependency() function is only used by DropRole() right
> before it does the exact same scans.  Couldn't we put the new dependency
> detection in those existing scans in DropRole()?
>

It can be done, but mixing the code that checks for the drop role
dependency with the code that removes entries for the role being
dropped from pg_auth_members could reduce clarity and precision. This
is more of a sanity check which I felt was necessary before we proceed
with actually dropping the role, starting with the deletion of drop
role entries from the system catalogs. I’m aware there’s some code
duplication, but I think it should be fine.

--
With Regards,
Ashutosh Sharma.