Re: [PATCH] Conflation of member/privs for predefined roles

On 10/26/21, 3:50 PM, "Joshua Brindle" <joshua.brindle@crunchydata.com> wrote:
> Generally if a role is granted membership to another role with NOINHERIT
> they must use SET ROLE to access the privileges of that role, however
> with predefined roles the membership and privilege is conflated, as
> demonstrated by:

I think it makes sense that INHERIT/NOINHERIT should be respected for
the predefined roles.  I went through some of the old threads and
commits for predefined roles, and I didn't find any mention of
inheritance, so there might not be a strong reason it was done this
way.

I saw a few places in the docs that will likely need to be updated as
well.  For example, pg_freespacemap has this note:

        By default use is restricted to superusers and members of the pg_stat_scan_tables role.

And I found at least one test (rolenames.sql) that fails due to the
new ERROR message.

Nathan