Обсуждение: v16 GRANT role TO role needs a multi-option setting capability

Поиск
Список
Период
Сортировка

v16 GRANT role TO role needs a multi-option setting capability

От
"David G. Johnston"
Дата:
Hey,

GRANT role_name [, ...] TO role_specification [, ...]
    [ WITH { ADMIN | INHERIT | SET } { OPTION | TRUE | FALSE } ]
    [ GRANTED BY role_specification ]

It would be really nice to complete this new feature of INHERIT/SET FALSE/TRUE with a multi-specification capability.

GRANT role_name [, ...] TO role_specification [, ...]
    [ WITH { ADMIN | INHERIT | SET } { OPTION | TRUE | FALSE } ] [, ...]
    [ GRANTED BY role_specification ]

i.e., multiple WITH clauses

GRANT admin1, admin2 TO usr1, usr2
WITH ADMIN OPTION,
WITH SET FALSE,
WITH INHERIT TRUE
GRANTED BY createroleuser;

Personally, I'm fine with any given GRANT command of this form having only a single GRANTED BY specification.

David J.

Re: v16 GRANT role TO role needs a multi-option setting capability

От
Pavel Luzanov
Дата:
On 23.01.2023 23:09, David G. Johnston wrote:
GRANT role_name [, ...] TO role_specification [, ...]
    [ WITH { ADMIN | INHERIT | SET } { OPTION | TRUE | FALSE } ]
    [ GRANTED BY role_specification ]

It would be really nice to complete this new feature of INHERIT/SET FALSE/TRUE with a multi-specification capability.

If I understand properly, the multi-specification capability is supported in the form:

GRANT admin1, admin2 TO usr1, usr2
WITH ADMIN OPTION, SET FALSE, INHERIT TRUE;

But this doesn't seem to be reflected correctly in the documentation.
If I'm not mistaken, the current spec should be like this:

GRANT role_name [, ...] TO role_specification [, ...]
    [ WITH [ { ADMIN | INHERIT | SET } { OPTION | TRUE | FALSE } ] [, ...] ]
    [ GRANTED BY role_specification ]

By the way, there is suggestion to add role's membership options to the \du+ command.[1]

[1]https://www.postgresql.org/message-id/flat/b9be2d0e-a9bc-0a30-492f-a4f68e4f7740@postgrespro.ru
 
-- 
Pavel Luzanov