> On Mar 7, 2022, at 12:01 PM, Robert Haas <robertmh...@gmail.com> wrote: > > It's been pointed out upthread that this would have undesirable > security implications, because the admin option would be inherited, > and the implicit permission isn't. Right, but with a reflexive self-admin-option, we could document that it works in a non-inherited way. We'd just be saying the current hard-coded behavior is an option which can be revoked rather than something you're stuck with. — Mark Dilger EnterpriseDB: http://www.enterprisedb.com The Enterprise PostgreSQL Company
- Re: role self-revocation Robert Haas
- Re: role self-revocation Robert Haas
- Re: role self-revocation David G. Johnston
- Re: role self-revocation Tom Lane
- Re: role self-revocation David G. Johnston
- Re: role self-revocation Robert Haas
- Re: role self-revocation Tom Lane
- Re: role self-revocation Robert Haas
- Re: role self-revocation Mark Dilger
- Re: role self-revocation Robert Haas
- Re: role self-revocation Mark Dilger
- Re: role self-revocation Mark Dilger
- Re: role self-revocation Tom Lane
- Re: role self-revocation David G. Johnston
- Re: role self-revocation Mark Dilger
- Re: role self-revocation Robert Haas
- Re: role self-revocation Tom Lane
- Re: role self-revocation Robert Haas
- Re: role self-revocation Stephen Frost
- Re: role self-revocation Tom Lane
- Re: role self-revocation David G. Johnston