Pavel Luzanov
Cc: Laurenz Albe; Karsten Hilbert; pgsql-general@lists.postgresql.org
Subject: Re: Q: GRANT ... WITH ADMIN on PG 17
On Mon, Aug 25, 2025 at
On Mon, Aug 25, 2025 at 2:22 PM Pavel Luzanov wrote:
>> On 22.08.2025 11:40, Laurenz Albe wrote:
>> Yes, that should work as follows: [...]
> [...] A safer option is to use a security definer function to grant membership
FWIW, it's basically what I did.
My primary "admin" application role lost CR
On 22.08.2025 11:40, Laurenz Albe wrote:
- gm-dbo: user role for a DBA admin (not! superuser)
- gm-bones: user role for a LLAP doctor
- gm-doctors: group role for doctors, upon which are resting
access permissions for clinical data
- gm-bones is to be a member of gm-doctors in order to access
On Thu, 2025-08-21 at 17:36 +0200, Karsten Hilbert wrote:
> PG 17 documentation says that using "WITH ADMIN" allows the
> role being added to another group role to grant/revoke
> membership in said group to other roles.
>
> Does this imply that an ADMIN role _must_ itself be a member
> of the grou
On 8/21/25 09:29, Dominique Devienne wrote:
On Thu, Aug 21, 2025 at 6:00 PM Karsten Hilbert wrote:
On Thu, Aug 21, 2025 at 08:46:00AM -0700, Adrian Klaver wrote:
https://rhaas.blogspot.com/2023/01/surviving-without-superuser-coming-to.html
Thanks, I did, but did not find the answer to: Is t
Dear all,
PG 17 documentation says that using "WITH ADMIN" allows the
role being added to another group role to grant/revoke
membership in said group to other roles.
Does this imply that an ADMIN role _must_ itself be a member
of the group role it is to maintain membership of ?
The question aris
On 8/21/25 08:36, Karsten Hilbert wrote:
Dear all,
PG 17 documentation says that using "WITH ADMIN" allows the
role being added to another group role to grant/revoke
membership in said group to other roles.
I would start by reading this:
https://rhaas.blogspot.com/2023/01/surviving-without-su
On Thu, Aug 21, 2025 at 09:11:57AM -0700, David G. Johnston wrote:
> > Thanks, I did, but did not find the answer to: Is there a
> > way for a role that can manage membership in a group role to
> > not itself be a member of that group role ?
>
> A superuser can do this. Otherwise, no. In order
On Thu, Aug 21, 2025 at 06:29:36PM +0200, Dominique Devienne wrote:
> > Thanks, I did, but did not find the answer to: Is there a
> > way for a role that can manage membership in a group role to
> > not itself be a member of that group role ?
>
> Yes and no. Depends what you mean by MEMBER...
..
On Thu, Aug 21, 2025 at 6:37 PM Karsten Hilbert wrote:
> On Thu, Aug 21, 2025 at 06:29:36PM +0200, Dominique Devienne wrote:
> > > Thanks, I did, but did not find the answer to: Is there a
> > > way for a role that can manage membership in a group role to
> > > not itself be a member of that grou
On Thu, Aug 21, 2025 at 6:00 PM Karsten Hilbert wrote:
> On Thu, Aug 21, 2025 at 08:46:00AM -0700, Adrian Klaver wrote:
> > https://rhaas.blogspot.com/2023/01/surviving-without-superuser-coming-to.html
>
> Thanks, I did, but did not find the answer to: Is there a
> way for a role that can manage
On Thursday, August 21, 2025, Karsten Hilbert
wrote:
> On Thu, Aug 21, 2025 at 08:46:00AM -0700, Adrian Klaver wrote:
>
> > >PG 17 documentation says that using "WITH ADMIN" allows the
> > >role being added to another group role to grant/revoke
> > >membership in said group to other roles.
> >
>
On Thu, Aug 21, 2025 at 08:46:00AM -0700, Adrian Klaver wrote:
> >PG 17 documentation says that using "WITH ADMIN" allows the
> >role being added to another group role to grant/revoke
> >membership in said group to other roles.
>
> I would start by reading this:
>
> https://rhaas.blogspot.com/2
13 matches