Re: has_privs_of_role vs. is_member_of_role, redux

Robert Haas:
>> I think to change the owner of an object from role A to role B, you just
>> need a different "privilege" on that role B to "use" the role that way,
>> which is distinct from INHERIT or SET ROLE "privileges".
> 
> It's not distinct, though, because if you can transfer ownership of a
> table to another user, you can use that ability to gain the privileges
> of that user.

Right, but the inverse is not neccessarily true, so you could have SET 
ROLE privileges, but not "USAGE" - and then couldn't change the owner of 
an object to this role.

USAGE is not a good term, because it implies "least amount of 
privileges", but in this case it's quite the opposite.

In any case, adding a grant option for SET ROLE, while keeping the 
required privileges for a transfer of ownership at the minimum 
(membership only), doesn't really make sense. I guess both threads 
should be discussed together?

Best

Wolfgang