* Joe Conway ([EMAIL PROTECTED]) wrote:
After months of being unable to keep up with what's going on here, I'm
trying to educate myself on some of the latest developments. I was
playing with roles a bit, and I don't know if I'm doing something wrong,
or if I found a hole:
Things have changed a bit (we're more closely following the SQL spec,
for one thing :).
works fine:
regression=# create role testrole2 with user testuser;
CREATE ROLE
I don't think it's actually required (per spec) for us to allow this,
but we do because it makes some sense.
doesn't work:
regression=# alter role testrole with user testuser;
ERROR: option rolemembers not recognized
To give 'testuser' the rights of 'testrole' you should do:
grant testrole to testuser;
works fine:
regression=# alter group testrole add user testuser;
ALTER ROLE
This works for backwards compatibility, really, not because it's
something the 'ALTER ROLE' command is supposted to be able to do.
doesn't work (no surprise, is a syntax error):
regression=# alter role testrole add user testuser;
ERROR: syntax error at or near add at character 21
LINE 1: alter role testrole add user testuser;
I had made this work in my original patch (iirc) but I believe Tom
dropped it because you really should be using GRANT instead.
It seems I can create a role with a user, and I can use ALTER GROUP
syntax to add a user to a role, but I can't figure out how to add a user
to a role using ALTER ROLE.
Using the 'grant role statement', per the SQL spec.
Similarly, these might be just plain abuse of the new syntax, but appear
to be allowed by gram.y:
regression=# alter user testuser in role testrole;
ERROR: option addroleto not recognized
regression=# alter user testuser in group testrole;
ERROR: option addroleto not recognized
This is because create role, alter role, alter user, etc, use the
same set of options (since there's a large overlap) in the syntax,
though some things don't make sense for some of those commands.
Thanks,
Stephen
signature.asc
Description: Digital signature