Обсуждение: v16 GRANT role TO role needs a multi-option setting capability
Hey,
GRANT role_name [, ...] TO role_specification [, ...]
[ WITH { ADMIN | INHERIT | SET } { OPTION | TRUE | FALSE } ]
[ GRANTED BY role_specification ]
[ WITH { ADMIN | INHERIT | SET } { OPTION | TRUE | FALSE } ]
[ GRANTED BY role_specification ]
It would be really nice to complete this new feature of INHERIT/SET FALSE/TRUE with a multi-specification capability.
GRANT role_name [, ...] TO role_specification [, ...]
[ WITH { ADMIN | INHERIT | SET } { OPTION | TRUE | FALSE } ] [, ...]
[ GRANTED BY role_specification ]
[ WITH { ADMIN | INHERIT | SET } { OPTION | TRUE | FALSE } ] [, ...]
[ GRANTED BY role_specification ]
i.e., multiple WITH clauses
GRANT admin1, admin2 TO usr1, usr2
WITH ADMIN OPTION,
WITH SET FALSE,
WITH INHERIT TRUE
GRANTED BY createroleuser;
Personally, I'm fine with any given GRANT command of this form having only a single GRANTED BY specification.
David J.
On 23.01.2023 23:09, David G. Johnston wrote:
If I understand properly, the multi-specification capability is supported in the form:
GRANT admin1, admin2 TO usr1, usr2
WITH ADMIN OPTION, SET FALSE, INHERIT TRUE;
But this doesn't seem to be reflected correctly in the documentation.
If I'm not mistaken, the current spec should be like this:
GRANT role_name [, ...] TO role_specification [, ...]
[ WITH [ { ADMIN | INHERIT | SET } { OPTION | TRUE | FALSE } ] [, ...] ]
[ GRANTED BY role_specification ]
By the way, there is suggestion to add role's membership options to the \du+ command.[1]
[1]https://www.postgresql.org/message-id/flat/b9be2d0e-a9bc-0a30-492f-a4f68e4f7740@postgrespro.ru
GRANT role_name [, ...] TO role_specification [, ...]
[ WITH { ADMIN | INHERIT | SET } { OPTION | TRUE | FALSE } ]
[ GRANTED BY role_specification ]It would be really nice to complete this new feature of INHERIT/SET FALSE/TRUE with a multi-specification capability.
If I understand properly, the multi-specification capability is supported in the form:
GRANT admin1, admin2 TO usr1, usr2
WITH ADMIN OPTION, SET FALSE, INHERIT TRUE;
But this doesn't seem to be reflected correctly in the documentation.
If I'm not mistaken, the current spec should be like this:
GRANT role_name [, ...] TO role_specification [, ...]
[ WITH [ { ADMIN | INHERIT | SET } { OPTION | TRUE | FALSE } ] [, ...] ]
[ GRANTED BY role_specification ]
By the way, there is suggestion to add role's membership options to the \du+ command.[1]
[1]https://www.postgresql.org/message-id/flat/b9be2d0e-a9bc-0a30-492f-a4f68e4f7740@postgrespro.ru
-- Pavel Luzanov