Re: CREATEROLE and role ownership hierarchies

On 2/1/22 17:27, Mark Dilger wrote:
>
>> On Feb 1, 2022, at 1:10 PM, Andrew Dunstan <andrew@dunslane.net> wrote:
>>
>> The whole 'NOFOO WITH ADMIN OPTION'
>> thing seems to me a bit like a POLA violation. Nevertheless I can
>> probably live with it as long as it's *really* well documented. Even so
>> I suspect it would be too complex for many, and they will just continue
>> to use superusers to create and manage roles if possible.
> I agree with the sentiment, but it might help to distinguish between surprising behavior vs. surprising grammar.
>
> In existing postgresql releases, having CREATEROLE means you can give away most attributes, including ones you
yourselfdon't have (createdb, login).  So we already have the concept of NOFOO WITH ADMIN OPTION, we just don't call it
that. In pre-v8 patches on this thread, I got rid of that; you *must* have the attribute to give it away.  But maybe
thatwas too restrictive, and we need a way to specify, attribute by attribute, how this works.  Is this just a problem
ofsurprising grammar?  Is it surprising behavior?  If the latter, I'm inclined to give up this WIP as having been a bad
move. If the former, I'll try to propose some less objectionable grammar.
 
>  
>

Certainly the grammar would need to be better. But I'm not sure any
grammar that expresses what is supported here is not going to be
confusing, because the underlying scheme seems complex. But I'm
persuadable. I'd like to hear from others on the subject.


cheers


andrew

--
Andrew Dunstan
EDB: https://www.enterprisedb.com