Re: [PATCHES] Roles - SET ROLE Updated

* Tom Lane (tgl@sss.pgh.pa.us) wrote:
> I've committed changes to add a "rolinherit" flag to pg_authid as per
> discussion.  The pg_has_role function now distinguishes USAGE rights
> on a role (do you currently have the privileges of that role) from
> MEMBER rights (do you have the ability to SET ROLE to that role).

Great, thanks.

> A couple of loose ends remain:
>
> * Should is_admin_of_role pay attention to rolinherit?  I suspect it
> should but can't quite face going through the SQL spec again to be sure.
> This only affects the right to GRANT role membership to someone else.
>
> * The information_schema needs another pass to see which pg_has_role
> usages ought to be testing USAGE instead of MEMBER.  I think most of
> them should, but in and around applicable_roles and enabled_roles
> some more thought and spec-reading is needed.

I'll look into what the spec says for these, hopefully anoncvs is
working now...

> I'm planning on doing some documentation work next, and was hoping
> someone else would look at the above items.

Will do.  I'll be using the SQL2003 draft.  Should be able to run these
down later today.
Thanks,
    Stephen