Re: [HACKERS] roles question

2005-07-09 Thread Joe Conway 

Stephen Frost wrote:


To give 'testuser' the rights of 'testrole' you should do:
grant testrole to testuser;



This is because create role, alter role, alter user, etc, use the
same set of options (since there's a large overlap) in the syntax,
though some things don't make sense for some of those commands.


Ah, that clears things up considerably -- Thanks Stephen!

Joe

---(end of broadcast)---
TIP 2: Don't 'kill -9' the postmaster

Re: [HACKERS] roles question

2005-07-09 Thread Stephen Frost 
* Joe Conway ([EMAIL PROTECTED]) wrote:
> After months of being unable to keep up with what's going on here, I'm 
> trying to educate myself on some of the latest developments. I was 
> playing with roles a bit, and I don't know if I'm doing something wrong, 
> or if I found a hole:

Things have changed a bit (we're more closely following the SQL spec,
for one thing :).

> works fine:
> regression=# create role testrole2 with user testuser;
> CREATE ROLE

I don't think it's actually required (per spec) for us to allow this,
but we do because it makes some sense.

> doesn't work:
> regression=# alter role testrole with user testuser;
> ERROR:  option "rolemembers" not recognized

To give 'testuser' the rights of 'testrole' you should do:
grant testrole to testuser;

> works fine:
> regression=# alter group testrole add user testuser;
> ALTER ROLE

This works for backwards compatibility, really, not because it's
something the 'ALTER ROLE' command is supposted to be able to do.

> doesn't work (no surprise, is a syntax error):
> regression=# alter role testrole add user testuser;
> ERROR:  syntax error at or near "add" at character 21
> LINE 1: alter role testrole add user testuser;

I had made this work in my original patch (iirc) but I believe Tom
dropped it because you really should be using GRANT instead.

> It seems I can create a role with a user, and I can use ALTER GROUP 
> syntax to add a user to a role, but I can't figure out how to add a user 
> to a role using ALTER ROLE.

Using the 'grant role statement', per the SQL spec.

> Similarly, these might be just plain abuse of the new syntax, but appear 
> to be allowed by gram.y:
> 
> regression=# alter user testuser in role testrole;
> ERROR:  option "addroleto" not recognized
> regression=# alter user testuser in group testrole;
> ERROR:  option "addroleto" not recognized

This is because create role, alter role, alter user, etc, use the
same set of options (since there's a large overlap) in the syntax,
though some things don't make sense for some of those commands.

Thanks,

Stephen


signature.asc
Description: Digital signature

[HACKERS] roles question

2005-07-09 Thread Joe Conway 
After months of being unable to keep up with what's going on here, I'm 
trying to educate myself on some of the latest developments. I was 
playing with roles a bit, and I don't know if I'm doing something wrong, 
or if I found a hole:


works fine:
regression=# create role testrole2 with user testuser;
CREATE ROLE

doesn't work:
regression=# alter role testrole with user testuser;
ERROR:  option "rolemembers" not recognized

works fine:
regression=# alter group testrole add user testuser;
ALTER ROLE

doesn't work (no surprise, is a syntax error):
regression=# alter role testrole add user testuser;
ERROR:  syntax error at or near "add" at character 21
LINE 1: alter role testrole add user testuser;

It seems I can create a role with a user, and I can use ALTER GROUP 
syntax to add a user to a role, but I can't figure out how to add a user 
to a role using ALTER ROLE.


Similarly, these might be just plain abuse of the new syntax, but appear 
to be allowed by gram.y:


regression=# alter user testuser in role testrole;
ERROR:  option "addroleto" not recognized
regression=# alter user testuser in group testrole;
ERROR:  option "addroleto" not recognized

Thanks,

Joe

---(end of broadcast)---
TIP 5: don't forget to increase your free space map settings