-
Notifications
You must be signed in to change notification settings - Fork 92
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
postgresql_membership doesn't recognize ADMIN, SET and INHERIT options #757
Comments
@HauserV hello, thanks for the feature idea! |
@Andersson007, I would prefer to introduce three separate boolean parameters:
The Since the module doesn't (yet) expose a parameter to specify the (As you can probably see, it took me until I wrote the last paragraph here to understand that my actual problem is due to the conflation of memberships granted by different roles that could be solved by hiding memberships granted by everybody except the role executing the command. Should I split it off to a separate bug ticket?) |
@HauserV thanks for the detailed feedback! SGTM |
@Andersson007, please add the label. I hesitated for a while because I would love to give it a try, but since I couldn't find time to work on this in two weeks, it doesn't make sense to block others any longer. |
@HauserV added, thanks! Check it out from time to time when you have time, some issues stay unresolved long:) |
SUMMARY
Make it possible to control the ADMIN, SET and INHERIT options when GRANTing roles.
ISSUE TYPE
COMPONENT NAME
community.postgresql.postgresql_membership
ADDITIONAL INFORMATION
When a non-superuser creates a role in PostgreSQL 16, it is automatically granted the new role only with ADMIN option set. However, that's not enough to create objects owned by the user. To quote the documentation:
In earlier versions of PostgreSQL, I simply could use the
community.postgresql.postgresql_membership
to grant the new role to the non-superuser, but that doesn't work anymore because the module doesn't do anything now because the grant is there (albeit not with the options I need).In my scenario, I cannot use a superuser to do this (superuser wouldn't receive this automatic grant) because I'm using a managed database as a service.
It seems to me that this is partly a bug report because the module would otherwise run a regular
GRANT
statement which defaults toSET
andINHERIT
options enabled. In my case, however, it doesn't do anything because it sees the implicitGRANT
with theADMIN
option only. There's the obvious workaround to use thecommunity.postgresql.postgresql_query
to apply theGRANT
no matter what, but that's not clean.The text was updated successfully, but these errors were encountered: