Re: role self-revocation

[Mark Dilger]

> On Mar 7, 2022, at 12:01 PM, Robert Haas <robertmh...@gmail.com> wrote:
> 
> It's been pointed out upthread that this would have undesirable
> security implications, because the admin option would be inherited,
> and the implicit permission isn't.

Right, but with a reflexive self-admin-option, we could document that it works 
in a non-inherited way.  We'd just be saying the current hard-coded behavior is 
an option which can be revoked rather than something you're stuck with.

—
Mark Dilger
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company