Re: Revoke Connect Privilege from Database not working

public inbox for pgsql-sql@postgresql.org  
help / color / mirror / Atom feed

From: Nathan Bossart <nathandbossart@gmail.com>
To: Tom Lane <tgl@sss.pgh.pa.us>
Cc: Robert Haas <robertmhaas@gmail.com>
Cc: Peter Eisentraut <peter@eisentraut.org>
Cc: David G. Johnston <david.g.johnston@gmail.com>
Cc: Ing. Marijo Kristo <marijo.kristo@icloud.com>
Cc: PostgreSQL Bug List <pgsql-bugs@lists.postgresql.org>
Subject: Re: Revoke Connect Privilege from Database not working
Date: Fri, 6 Mar 2026 16:01:50 -0600
Message-ID: <aatOzgie9RlzbGoo@nathan> (raw)
In-Reply-To: <2222571.1769014621@sss.pgh.pa.us>
References: <CAKFQuwa7m2smqqpgPetw=i8Aj-xqg9Zjc5Z2aX3AUwNh96WnXw@mail.gmail.com>
	<d9bf666c-4d11-4196-99a8-b71d01d9ad40@me.com>
	<CAKFQuwbB-ZKtN_p_y5sWa2MrTuy5=pRNPWSj1Ud4HHvTuhb54w@mail.gmail.com>
	<3467676.1744041977@sss.pgh.pa.us>
	<CAKFQuwbpC5w6sUq8gZQATrviZUT4bYpxW+=2uH6sWWMg7fWjzg@mail.gmail.com>
	<aRYLkTpazxKhnS_w@nathan>
	<1933586.1768950341@sss.pgh.pa.us>
	<aXDwtbXCu42Fdmrn@nathan>
	<2222571.1769014621@sss.pgh.pa.us>

On Wed, Jan 21, 2026 at 11:57:01AM -0500, Tom Lane wrote:
> Nathan Bossart <nathandbossart@gmail.com> writes:
>> Yeah, I think doing most of the work in select_best_grantor() is obviously
>> better.  I recall wondering whether we should check for INHERIT or SET
>> privilege (or both) on the grantor role, and IIRC I settled on INHERIT
>> because select_best_grantor() searches through roles we have INHERIT on.
> 
> Yeah, I mentally had that point as something to check on.  Clearly,
> if you have SET ROLE privilege then you can become the target role
> and then issue the GRANT, so if we define GRANTED BY like that
> then we're not allowing anything that can't be done today.  However,
> it feels like INHERIT is a more natural test to make, since AIUI
> that is what permits "automatic" use of a role's privileges, and that
> seems to be what we'd be doing here.

Agreed.

> I'd be interested to hear Robert's opinion on this, or somebody
> else who worked on the SET/INHERIT splitup.
> 
> Also cc'ing Peter, who put in the current effectively-a-noise-clause
> behavior of GRANTED BY, to see if he has standards-compliance or
> other concerns about changing this.

Robert/Peter, do you have any thoughts about expanding GRANT/REVOKE GRANTED
BY like this?  I think it would've helped with a couple of reports received
during this development cycle, and IMHO it'd be a nice little feature for
v19.

-- 
nathan

reply

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Reply to all the recipients using the --to and --cc options:
  reply via email

  To: pgsql-sql@postgresql.org
  Cc: nathandbossart@gmail.com, tgl@sss.pgh.pa.us, robertmhaas@gmail.com, peter@eisentraut.org, david.g.johnston@gmail.com, marijo.kristo@icloud.com, pgsql-bugs@lists.postgresql.org
  Subject: Re: Revoke Connect Privilege from Database not working
  In-Reply-To: <aatOzgie9RlzbGoo@nathan>

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox