Allow CURRENT_ROLE in GRANTED BY

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

Allow CURRENT_ROLE in GRANTED BY

Peter Eisentraut-6
I was checking some loose ends in SQL conformance, when I noticed: We
support GRANT role ... GRANTED BY CURRENT_USER, but we don't support
CURRENT_ROLE in that place, even though in PostgreSQL they are
equivalent.  Here is a trivial patch to add that.

--
Peter Eisentraut              http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services

0001-Allow-CURRENT_ROLE-in-GRANTED-BY.patch (2K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Allow CURRENT_ROLE in GRANTED BY

Vik Fearing-6
On 6/24/20 8:35 AM, Peter Eisentraut wrote:
> I was checking some loose ends in SQL conformance, when I noticed: We
> support GRANT role ... GRANTED BY CURRENT_USER, but we don't support
> CURRENT_ROLE in that place, even though in PostgreSQL they are
> equivalent.  Here is a trivial patch to add that.


The only thing that isn't dead-obvious about this patch is the commit
message says "[PATCH 1/2]".  What is in the other part?

Assuming that's just a remnant of development, this LGTM.
--
Vik Fearing


Reply | Threaded
Open this post in threaded view
|

Re: Allow CURRENT_ROLE in GRANTED BY

Peter Eisentraut-6
On 2020-06-24 10:12, Vik Fearing wrote:
> On 6/24/20 8:35 AM, Peter Eisentraut wrote:
>> I was checking some loose ends in SQL conformance, when I noticed: We
>> support GRANT role ... GRANTED BY CURRENT_USER, but we don't support
>> CURRENT_ROLE in that place, even though in PostgreSQL they are
>> equivalent.  Here is a trivial patch to add that.
>
>
> The only thing that isn't dead-obvious about this patch is the commit
> message says "[PATCH 1/2]".  What is in the other part?

Hehe.  The second patch is some in-progress work to add the GRANTED BY
clause to the regular GRANT command.  More on that perhaps at a later date.

--
Peter Eisentraut              http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services


Reply | Threaded
Open this post in threaded view
|

Re: Allow CURRENT_ROLE in GRANTED BY

Alvaro Herrera-9
In reply to this post by Peter Eisentraut-6
On 2020-Jun-24, Peter Eisentraut wrote:

> I was checking some loose ends in SQL conformance, when I noticed: We
> support GRANT role ... GRANTED BY CURRENT_USER, but we don't support
> CURRENT_ROLE in that place, even though in PostgreSQL they are equivalent.
> Here is a trivial patch to add that.

Hmm, since this adds to RoleSpec, this change makes every place that
uses that production also take CURRENT_ROLE, so we'd need to document in
all those places.  For example, alter_role.sgml, create_schema.sgml,
etc.

This also affects role_list (but maybe the docs for those are already
vague enough -- eg. ALTER INDEX .. OWNED BY only says "role_name" with
no further explanation, even though it does take "current_user".)

--
Álvaro Herrera                https://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services


Reply | Threaded
Open this post in threaded view
|

Re: Allow CURRENT_ROLE in GRANTED BY

Peter Eisentraut-6
On 2020-06-24 23:08, Alvaro Herrera wrote:

> On 2020-Jun-24, Peter Eisentraut wrote:
>
>> I was checking some loose ends in SQL conformance, when I noticed: We
>> support GRANT role ... GRANTED BY CURRENT_USER, but we don't support
>> CURRENT_ROLE in that place, even though in PostgreSQL they are equivalent.
>> Here is a trivial patch to add that.
>
> Hmm, since this adds to RoleSpec, this change makes every place that
> uses that production also take CURRENT_ROLE, so we'd need to document in
> all those places.  For example, alter_role.sgml, create_schema.sgml,
> etc.
Good point.  Here is an updated patch that updates all the documentation
places where CURRENT_USER is mentioned.

--
Peter Eisentraut              http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services

v2-0001-Allow-CURRENT_ROLE-where-CURRENT_USER-is-accepted.patch (56K) Download Attachment