Hi. With pg_has_role(), I can use USAGE for access right now, or MEMBER for "possible" access after a SET ROLE. I.e. I can see GRANT INHERIT'ance in action.
But with has_schema_privilege(..., 'USAGE'), I can only check the "right now" case. But I'd like to be able to take "indirect USAGE" into account, via non-INHERIT'ed ROLE membership. To mirror what pg_has_role() provides. Could there be an extra argument to check for INHERIT and GRANTABLE? Or variation in the string it accept to allow checking for those? E.g. you can check for ADMIN OPTION (i.e. regrantable) with pg_has_role(). But you can't with has_schema_privilege() (or other ACL-based object classes). Basically I'd wish for inheritance and grantable aware has_xyz_privilege(), similar to pg_has_role(). Any chance this might land eventually? Am I the only one who uses ROLEs that extensively and thus feels that need? Baring the above, any way to similute it in SQL? --DD
