Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1vydF9-000HBJ-0R for pgsql-bugs@arkaria.postgresql.org; Fri, 06 Mar 2026 22:01:59 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.96) (envelope-from ) id 1vydF5-0075zt-1o for pgsql-bugs@arkaria.postgresql.org; Fri, 06 Mar 2026 22:01:56 +0000 Received: from makus.postgresql.org ([2001:4800:3e1:1::229]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.96) (envelope-from ) id 1vydF5-0075zj-0l for pgsql-bugs@lists.postgresql.org; Fri, 06 Mar 2026 22:01:55 +0000 Received: from mail-ot1-x329.google.com ([2607:f8b0:4864:20::329]) by makus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.98.2) (envelope-from ) id 1vydF3-00000000r32-2Tgv for pgsql-bugs@lists.postgresql.org; Fri, 06 Mar 2026 22:01:54 +0000 Received: by mail-ot1-x329.google.com with SMTP id 46e09a7af769-7d18c654458so4582879a34.3 for ; Fri, 06 Mar 2026 14:01:53 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1772834512; x=1773439312; darn=lists.postgresql.org; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:from:to:cc:subject:date:message-id:reply-to; bh=Y8KFbVr8AO+U5jRCaPc8dje/eeE7y7IVxmncf0bHr8s=; b=JLGBtTUvrqGucrAOcdumebEBZRN4k+wpEYkqgFTNKwwuBqM7tPF1r1xn43IXKsXSJN +pA8Dfdgfc5NVuhg4KAp3MKJ+gp+ONHQgOH0fTCamr/J9t9Bhehf+dufVxPgxG3yTe5g Qn/SKDwxMqUMjLEAU+7I2fTu0snFzwmDM9COskrgnXjgMlCrKH8FO1SdwWekOXaU4UGM YVvBlf1gN21Mb+r+I3cGb07JPmob+Y4bVVqxCA/Hr8U/uIRm6d8XkXpaM7NvES8gClJN UlyJ1HZL+jlkOltBvJ2BoTrjfkok56vbQzndoAmqjZ+B5gDziacB0A4bX9YkyStg2UMj 5DJQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1772834512; x=1773439312; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:x-gm-gg:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=Y8KFbVr8AO+U5jRCaPc8dje/eeE7y7IVxmncf0bHr8s=; b=swroi6v8K1B5Idl/RJRnR8CgjhV+FmRoIkhztQ0BrrshADrc/QAK1HxFtxzqfB5ieD CTPNtkjk7lfms1lMJvC9dYGkY+OPvM/yKCIl+05fg31BtobqgJINcfnSUspVWZqYQnPk o7rv73c+myJ08PHiI4IHZPT+ix1IWyjkihdIfKTm0Lqs1vVRnNeSflNm13fjIne3Np9V ZvWKoI8rUre1GGP0ZY2gAAYu3MGgxNEjM9NN5vHhLugmk5qo1WrDXp+foIxMT+5Trwmh A7H1sHQU/mug56KXNsYz2tVhk8LlvC1TS2pPYLXJB7NFpvZfX0k7F129c+v2+1qEJcCN /rlQ== X-Forwarded-Encrypted: i=1; AJvYcCVtYq564FqmCKGO9fuNK+qcSupZJbOp1kStjZwbeovTCYQ/KiApiKxGejSop0mbSemj4pozxspCF3M+@lists.postgresql.org X-Gm-Message-State: AOJu0Ywy/zsMB61X3Jvor1IkYHRqEv+DMNgZ8euc7gzzV5YS2JL8u9I1 Wa3rd62K1B0Nv5GVpIu9G7eMdWu/PIF4Bfj8n5wAJP/dsvwYencoq0Hm X-Gm-Gg: ATEYQzz/X7Dc9+PErS2Knxn6JRsFc8qHkxx6bN7gy4dg45o224ik0MaujlQ1x576opC mMbublKi7VVEiR2hHX0aQxyq6BLLioKfHoE1uR53hGXylZTfN8CzBHxh7iJkp4n1j30GLqS0+MQ /3UjUaLmiNHZUs9U+2P8bMw9jQ4NhqDl4+MLPYTDGvh+gaIW+ACFu4drfh6Y7oK+BOIBGlAIA4h t/nswBkPS0/+b6X7V5qkDevQbKdMUT/aLw8v4Hgki8lSqSPdtJW14Z3gji+WcAhqDyzYrobPEcK Ly67IApplNIr3EobR3X0QmGnZAEH/ogq/XABevsG8FTK8pz4JC63mV8qeP5nx7waSXhmQdwNIqX BixYloppILgqAO5cwiw3gbCSG6jRLvYJl3n0rPJxSRx8s6jgPwmj1CKfk//4BKPX3WFEi5TDyft imprerLtxlDI265c9lUPCLPFf3CUTu0LMW75Y6QXh9kphuxtRU3/3/SzfBjgs2OePO8QCyUEHKo c6R4K8lSJiV4A+5Pl8D1g== X-Received: by 2002:a05:6830:2b27:b0:7c6:e92f:41cc with SMTP id 46e09a7af769-7d727001d05mr2132936a34.21.1772834512414; Fri, 06 Mar 2026 14:01:52 -0800 (PST) Received: from nathan (162-195-168-172.lightspeed.stlsmo.sbcglobal.net. [162.195.168.172]) by smtp.gmail.com with ESMTPSA id 46e09a7af769-7d728c5e182sm1661469a34.6.2026.03.06.14.01.51 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 06 Mar 2026 14:01:51 -0800 (PST) Date: Fri, 6 Mar 2026 16:01:50 -0600 From: Nathan Bossart To: Tom Lane Cc: Robert Haas , Peter Eisentraut , "David G. Johnston" , "Ing. Marijo Kristo" , PostgreSQL Bug List Subject: Re: Revoke Connect Privilege from Database not working Message-ID: References: <3467676.1744041977@sss.pgh.pa.us> <1933586.1768950341@sss.pgh.pa.us> <2222571.1769014621@sss.pgh.pa.us> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <2222571.1769014621@sss.pgh.pa.us> List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk On Wed, Jan 21, 2026 at 11:57:01AM -0500, Tom Lane wrote: > Nathan Bossart writes: >> Yeah, I think doing most of the work in select_best_grantor() is obviously >> better. I recall wondering whether we should check for INHERIT or SET >> privilege (or both) on the grantor role, and IIRC I settled on INHERIT >> because select_best_grantor() searches through roles we have INHERIT on. > > Yeah, I mentally had that point as something to check on. Clearly, > if you have SET ROLE privilege then you can become the target role > and then issue the GRANT, so if we define GRANTED BY like that > then we're not allowing anything that can't be done today. However, > it feels like INHERIT is a more natural test to make, since AIUI > that is what permits "automatic" use of a role's privileges, and that > seems to be what we'd be doing here. Agreed. > I'd be interested to hear Robert's opinion on this, or somebody > else who worked on the SET/INHERIT splitup. > > Also cc'ing Peter, who put in the current effectively-a-noise-clause > behavior of GRANTED BY, to see if he has standards-compliance or > other concerns about changing this. Robert/Peter, do you have any thoughts about expanding GRANT/REVOKE GRANTED BY like this? I think it would've helped with a couple of reports received during this development cycle, and IMHO it'd be a nice little feature for v19. -- nathan