database/postgres
1
0
Fork 0
mirror of https://github.com/postgres/postgres.git synced 2025-06-25 01:02:05 +03:00
Code Activity

Remove various special checks around default roles

Browse Source 
Default roles really should be like regular roles, for the most part.
This removes a number of checks that were trying to make default roles
extra special by not allowing them to be used as regular roles.

We still prevent users from creating roles in the "pg_" namespace or
from altering roles which exist in that namespace via ALTER ROLE, as
we can't preserve such changes, but otherwise the roles are very much
like regular roles.

Based on discussion with Robert and Tom.
This commit is contained in:
Stephen Frost
2016-05-06 14:06:50 -04:00
parent 6bd356c33a
commit a89505fd21
11 changed files with 10 additions and 74 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
src/test/regress/expected/rolenames.out
View File

@ -816,19 +816,11 @@ LINE 1: DROP USER MAPPING IF EXISTS FOR CURRENT_ROLE SERVER sv9;
DROP USER MAPPING IF EXISTS FOR nonexistent SERVER sv9; -- error
NOTICE: role "nonexistent" does not exist, skipping
-- GRANT/REVOKE
GRANT testrol0 TO pg_abc; -- error
ERROR: role "pg_abc" is reserved
DETAIL: Cannot GRANT roles to a reserved role.
GRANT pg_abc TO pg_abcdef; -- error
ERROR: role "pg_abcdef" is reserved
DETAIL: Cannot GRANT roles to a reserved role.
SET ROLE pg_testrole; -- error
ERROR: invalid value for parameter "role": "pg_testrole"
SET ROLE pg_signal_backend; --error
ERROR: invalid value for parameter "role": "pg_signal_backend"
CREATE SCHEMA test_schema AUTHORIZATION pg_signal_backend; --error
ERROR: role "pg_signal_backend" is reserved
DETAIL: Cannot specify reserved role as owner.
GRANT testrol0 TO pg_signal_backend; -- success
SET ROLE pg_signal_backend; --success
RESET ROLE;
CREATE SCHEMA test_schema AUTHORIZATION pg_signal_backend; --success
SET ROLE testrol2;
UPDATE pg_proc SET proacl = null WHERE proname LIKE 'testagg_';
SELECT proname, proacl FROM pg_proc WHERE proname LIKE 'testagg_';
proname | proacl

10
src/test/regress/sql/rolenames.sql
View File

@ -381,12 +381,12 @@ DROP USER MAPPING IF EXISTS FOR CURRENT_ROLE SERVER sv9; --error
DROP USER MAPPING IF EXISTS FOR nonexistent SERVER sv9; -- error
-- GRANT/REVOKE
GRANT testrol0 TO pg_abc; -- error
GRANT pg_abc TO pg_abcdef; -- error
GRANT testrol0 TO pg_signal_backend; -- success
SET ROLE pg_testrole; -- error
SET ROLE pg_signal_backend; --error
CREATE SCHEMA test_schema AUTHORIZATION pg_signal_backend; --error
SET ROLE pg_signal_backend; --success
RESET ROLE;
CREATE SCHEMA test_schema AUTHORIZATION pg_signal_backend; --success
SET ROLE testrol2;
UPDATE pg_proc SET proacl = null WHERE proname LIKE 'testagg_';
SELECT proname, proacl FROM pg_proc WHERE proname LIKE 'testagg_';