I notice that AddRoleMems/DelRoleMems assume that ADMIN OPTION is not
inherited indirectly; that is, it must be granted directly to you.
This seems wrong; SQL99 has under <privileges>

        19) B has the WITH ADMIN OPTION on a role if a role authorization
            descriptor identifies the role as granted to B WITH ADMIN OPTION
            or a role authorization descriptor identifies it as granted WITH
            ADMIN OPTION to another applicable role for B.

and in the Access Rules for <grant role statement>

         1) Every role identified by <role granted> shall be contained
            in the applicable roles for A and the corresponding role
            authorization descriptors shall specify WITH ADMIN OPTION.

I can't see any support in the spec for the idea that WITH ADMIN OPTION
doesn't flow through role memberships in the same way as ordinary
membership; can you quote someplace that implies this?

                        regards, tom lane
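
The two readings of ADMIN OPTION discussed in the message above, modelled side by side. This is an added example, not PostgreSQL code and not part of the original message; the `RoleAuth` tuple, the function names and the sample grants are constructed for illustration, and grants to PUBLIC are left out of the model.

```python
from collections import deque
from typing import NamedTuple


class RoleAuth(NamedTuple):
    """One role authorization descriptor (simplified, hypothetical model)."""
    role: str      # role being granted
    grantee: str   # user or role that receives it
    admin: bool    # descriptor specifies WITH ADMIN OPTION


def applicable_roles(grants, b):
    """Roles granted to b directly or through a chain of role memberships."""
    seen, queue = set(), deque([b])
    while queue:
        current = queue.popleft()
        for g in grants:
            if g.grantee == current and g.role not in seen:
                seen.add(g.role)       # also guards against membership cycles
                queue.append(g.role)
    return seen


def has_admin_direct(grants, b, role):
    """Direct-only reading: the descriptor must name b itself as grantee."""
    return any(g.role == role and g.grantee == b and g.admin for g in grants)


def has_admin_sql99(grants, b, role):
    """Rule 19 as quoted: granted WITH ADMIN OPTION to b, or to another
    applicable role for b."""
    holders = {b} | applicable_roles(grants, b)
    return any(g.role == role and g.admin and g.grantee in holders
               for g in grants)


# Constructed sample grants (all names are hypothetical).
GRANTS = [
    RoleAuth("payroll", "hr_admins", True),    # GRANT payroll TO hr_admins WITH ADMIN OPTION
    RoleAuth("hr_admins", "alice", False),     # GRANT hr_admins TO alice
    RoleAuth("hr_admins", "managers", False),  # GRANT hr_admins TO managers
    RoleAuth("managers", "carol", False),      # GRANT managers TO carol
    RoleAuth("payroll", "bob", False),         # GRANT payroll TO bob
]

if __name__ == "__main__":
    for user in ("alice", "carol", "bob"):
        print(user,
              "direct:", has_admin_direct(GRANTS, user, "payroll"),
              "sql99:", has_admin_sql99(GRANTS, user, "payroll"))
```

When auditing who can administer a role, the second function is the one that matches the quoted rule: `alice` and `carol` reach ADMIN OPTION on `payroll` only through membership chains, which a direct-only check does not report.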
