database/postgres
1
0
Fork 0
mirror of https://github.com/postgres/postgres.git synced 2025-07-07 00:36:50 +03:00
Code Activity

Remove various special checks around default roles

Browse Source 
Default roles really should be like regular roles, for the most part.
This removes a number of checks that were trying to make default roles
extra special by not allowing them to be used as regular roles.

We still prevent users from creating roles in the "pg_" namespace or
from altering roles which exist in that namespace via ALTER ROLE, as
we can't preserve such changes, but otherwise the roles are very much
like regular roles.

Based on discussion with Robert and Tom.
This commit is contained in:
Stephen Frost
2016-05-06 14:06:50 -04:00
parent 6bd356c33a
commit a89505fd21
11 changed files with 10 additions and 74 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
src/backend/commands/user.c
View File

@ -1262,18 +1262,10 @@ GrantRole(GrantRoleStmt *stmt)
ListCell *item;
if (stmt->grantor)
{
check_rolespec_name(stmt->grantor,
"Cannot specify reserved role as grantor.");
grantor = get_rolespec_oid(stmt->grantor, false);
}
else
grantor = GetUserId();
foreach(item, stmt->grantee_roles)
check_rolespec_name(lfirst(item),
"Cannot GRANT roles to a reserved role.");
grantee_ids = roleSpecsToIds(stmt->grantee_roles);
/* AccessShareLock is enough since we aren't modifying pg_authid */
@ -1364,9 +1356,6 @@ ReassignOwnedObjects(ReassignOwnedStmt *stmt)
errmsg("permission denied to reassign objects")));
}
check_rolespec_name(stmt->newrole,
"Cannot specify reserved role as owner.");
/* Must have privileges on the receiving side too */
newrole = get_rolespec_oid(stmt->newrole, false);