> On Mar 7, 2022, at 12:03 PM, Mark Dilger <mark.dilger@enterprisedb.com> wrote:
>
> Right, but with a reflexive self-admin-option, we could document that it works in a non-inherited way. We'd just be
sayingthe current hard-coded behavior is an option which can be revoked rather than something you're stuck with.
We could also say that the default is to not have admin option on yourself, with that being something grantable, but
thatis a larger change from the historical behavior and might have more consequences for dump/restore, etc.
My concern about just nuking self-admin is that there may be sites which use self-admin and we'd be leaving them
withouta simple work-around after upgrade, because they couldn't restore the behavior by executing a grant. They'd
haveto more fundamentally restructure their role relationships to not depend on self-admin, something which might be
harderfor them to do. Perhaps nobody is using self-admin, or very few people are using it, and I'm being overly
concerned.
—
Mark Dilger
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company