On Mon, Aug 1, 2022 at 1:38 PM Tom Lane <t...@sss.pgh.pa.us> wrote: >> I think the latter --- the cfbot thinks the July CF is no longer relevant, > but Jacob hasn't yet moved your patches forward. You could wait for > him to do that, or do it yourself.
Done. New patches attached. Changes in v4, for 0001: - Typo fix. - Whitespace fixes. Changes in v4, for 0002: - Remove "XXX sketchy" comment because the thing in question turns out not to be sketchy. It has to do with the behavior of ALTER GROUP .. DROP USER and, having investigated the situation, I think the messaging is clear enough. - But just to be sure, add a note to the ALTER GROUP documentation to try to make things more clear. - Wording fixes to the "If <literal>GRANTED BY</literal> is specified..." paragraph of the GRANT documentation. I reworded this a bit more extensively than what Stephen proposed. Hopefully this is clearer now, or at least no longer missing any words. - Change message to "admin option cannot be granted back to your own grantor". The choice of message is intended to be consistent with the existing message "grant options cannot be granted back to your own grantor," but while there's one grant option per privilege, there's only one admin option. Stephen suggested adopting a message that I had meant to take out of the version I posted, but which ended up surviving in one place, "grants with admin options cannot be circular". And we could still decide to do something like that, but my enthusiasm for that direction was considerably reduced when I realized that "circular" is not very clear at all, because there are multiple kinds of circularities (role-member, member-grantor). - Fix comment to say DROP_RESTRICT instead of DROP_RECURSE. - Make the comment for check_role_grantor() longer so that it can better explain itself. - Rephrase part of the header comment for initialize_revoke_actions() because Stephen found it awkward. - Whitespace fixes. -- Robert Haas EDB: http://www.enterprisedb.com
v4-0002-Make-role-grant-system-more-consistent-with-other.patch
Description: Binary data
v4-0001-Ensure-that-pg_auth_members.grantor-is-always-val.patch
Description: Binary data
