On Thu, Jan 19, 2023 at 8:34 PM Robert Haas <robertmh...@gmail.com> wrote:
> On Thu, Jan 19, 2023 at 6:15 AM tushar <tushar.ah...@enterprisedb.com> > wrote: > > postgres=# create role fff with createrole; > > CREATE ROLE > > postgres=# create role xxx; > > CREATE ROLE > > postgres=# set role fff; > > SET > > postgres=> alter role xxx with createrole; > > ERROR: permission denied > > postgres=> > > Here fff would need ADMIN OPTION on xxx to be able to make modifications > to it. > > See > https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=cf5eb37c5ee0cc54c80d95c1695d7fca1f7c68cb Thanks, Robert, that was helpful. Please refer to this scenario where I am able to give createrole privileges but not replication privilege to role postgres=# create role t1 createrole; CREATE ROLE postgres=# create role t2 replication; CREATE ROLE postgres=# create role t3; CREATE ROLE postgres=# grant t3 to t1,t2 with admin option; GRANT ROLE postgres=# set session authorization t1; SET *postgres=> alter role t3 createrole ;ALTER ROLE* postgres=> set session authorization t2; SET postgres=> alter role t3 replication; ERROR: permission denied This same behavior was observed in v14 as well but why i am able to give createrole grant but not replication? regards,
