Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1via8i-00ALsI-1H for pgsql-bugs@arkaria.postgresql.org; Wed, 21 Jan 2026 15:29:00 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.96) (envelope-from ) id 1via8g-007nuH-1Q for pgsql-bugs@arkaria.postgresql.org; Wed, 21 Jan 2026 15:28:58 +0000 Received: from makus.postgresql.org ([2001:4800:3e1:1::229]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1via8g-007nu8-0R for pgsql-bugs@lists.postgresql.org; Wed, 21 Jan 2026 15:28:58 +0000 Received: from mail-ot1-x32e.google.com ([2607:f8b0:4864:20::32e]) by makus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.96) (envelope-from ) id 1via8d-001c53-31 for pgsql-bugs@lists.postgresql.org; Wed, 21 Jan 2026 15:28:57 +0000 Received: by mail-ot1-x32e.google.com with SMTP id 46e09a7af769-7cfcebf1725so4190820a34.1 for ; Wed, 21 Jan 2026 07:28:56 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1769009336; x=1769614136; darn=lists.postgresql.org; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:from:to:cc:subject:date:message-id:reply-to; bh=NguVp+n48HyYAbZK11wulcwtd+Q2m6hBd2LChVJRjcY=; b=MlpRFxaHIKhQdKcRqc7CQjJdGImwssi6BwYbp8CavSTfYOSHU+xNYhBJopJc7dliUX pm1uk+we7q32BYpkALp/PLjrEUGcyCgoHNJfdNtMtVVMiX56mao8cka0+6voUAt8dq2l mhbeK7UfLVpJPGzRZXLoIkqDlnj7dNLMdtwgN11HZLto7z00PRIqVO8qvR2DfnLR/keW ifmGot36QEOSCe/aut7EDFYoxI/W6xvVXku8wFj1vNLv1R+WDYskgCK/a2I27I6bHaee /VmYmFg+CgBvni7WKb65VmK3dvuoYmgixZ80vyVHFKnbmiJuyQJavnZ6UXU+iBUGBlfD mKnA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1769009336; x=1769614136; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:x-gm-gg:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=NguVp+n48HyYAbZK11wulcwtd+Q2m6hBd2LChVJRjcY=; b=K/KwmdFcFcIJtZVcuvzeaa+YI8M6ML+MpvgBTVm5k4xVaJaDtsHRbmbFsnxXhcjuNl /SK8J4/nwGL/uo/Ay+TOXtHxBv4Ac+UiiHIkgXGiXfwP1EcGkpEUVwiF8tGIUvhSLANw ueGtpLNwDxU9WLoT9dkqyjFshXNX/DI88jDdZ5vm5ImfgPcctgMepQLJi+ssOMIHlWPw MtkgPqhyp2LCU+QOERD25QD7NEuDo275GM/cfGSqiOzavlD/GNAM5eLzDo07cW2kc6vX dzcg0jmhQ8RtppbiIa7l9aw0M/dLoT7i3BBX708p1jH0pdg4hzMNr0FyIzipSz+ZjbK4 r7aQ== X-Forwarded-Encrypted: i=1; AJvYcCVfh6769uiPtdib2TbYddigQHMWYzsf059meihkxnVIDk0s132vCb9T+tY9KTUGHQotzwytzqoxFO05@lists.postgresql.org X-Gm-Message-State: AOJu0YzXrCtpdkV32kUBnuz5hIZUG5p39F4OPJOsFXXBmq2mNB1bbpt8 9inPlM1tWcHDugqZHzNFtnRboyvHEyXs5PftPNM2O5BFgIH3sNAXCs9d X-Gm-Gg: AZuq6aKGZCIkqus8cCDOkLITWAF2gcYXKV4N9HEGLXaMDEpiX+KAQdBTYDy5kkDHGzq Qo10N00EIu0X3MmXTATgaGi2o9IoynjE8djW4+q2hoH+gAK3EixYG3cu2w6MtYOLI+EMQMaNAfQ +8jl5ZvgixIxwLQWWrF/n6G+oR0tv6+J6FpOUWmjn91S+2mF0ln/WF0FHy+bBiFDIDJH2CFiK9j XBieOn38OkUW0JKyh9SB2wA00WBbN5smjvROUFwo2X6cbgScqjpimQcamdfqJFGkWThU/+NQaFx 6wS9vMKdrBU4fQgFVPRoy7SS0iFtAzLxF89OQgWefxS5UDIuZ/+nl630O37RkUoCq6+aYiWtLy7 HkmgkBOvHJxBla++GJqsENhJy53zEWJbeWwGh6TDaDqwH7TsSb6QvrHqlx24n1Lmh/PDA3JiNdZ Tz6QT2GbinmYJSqqlhqbNfqNS8sE1mA/yoW2pwV5c2Wgz8K6zHCx1lMCnTaHnq/FZhcfm6c2aHz MVq6gKsRQ== X-Received: by 2002:a05:6830:6586:b0:7cf:d2f3:af8a with SMTP id 46e09a7af769-7d140ac1cfcmr2358050a34.28.1769009335859; Wed, 21 Jan 2026 07:28:55 -0800 (PST) Received: from nathan (162-195-168-172.lightspeed.stlsmo.sbcglobal.net. [162.195.168.172]) by smtp.gmail.com with ESMTPSA id 46e09a7af769-7cfdf28efefsm10421382a34.14.2026.01.21.07.28.55 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 21 Jan 2026 07:28:55 -0800 (PST) Date: Wed, 21 Jan 2026 09:28:53 -0600 From: Nathan Bossart To: Tom Lane Cc: "David G. Johnston" , "Ing. Marijo Kristo" , PostgreSQL Bug List Subject: Re: Revoke Connect Privilege from Database not working Message-ID: References: <3467676.1744041977@sss.pgh.pa.us> <1933586.1768950341@sss.pgh.pa.us> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <1933586.1768950341@sss.pgh.pa.us> List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk On Tue, Jan 20, 2026 at 06:05:41PM -0500, Tom Lane wrote: > Motivated by the discussion at [1], I'd started on the same idea, > but arrived at a rather different refactorization. I think this > way is nicer (less duplicated logic). Either way, we need to > address the docs and probably add more regression tests. Yeah, I think doing most of the work in select_best_grantor() is obviously better. I recall wondering whether we should check for INHERIT or SET privilege (or both) on the grantor role, and IIRC I settled on INHERIT because select_best_grantor() searches through roles we have INHERIT on. Would you like to handle docs/tests/committing, or shall I? -- nathan