mirror of
https://github.com/postgres/postgres.git
synced 2025-10-22 14:32:25 +03:00
e3ce2de09d
The GRANT statement can now specify WITH INHERIT TRUE or WITH INHERIT FALSE to control whether the member inherits the granted role's permissions. For symmetry, you can now likewise write WITH ADMIN TRUE or WITH ADMIN FALSE to turn ADMIN OPTION on or off. If a GRANT does not specify WITH INHERIT, the behavior based on whether the member role is marked INHERIT or NOINHERIT. This means that if all roles are marked INHERIT or NOINHERIT before any role grants are performed, the behavior is identical to what we had before; otherwise, it's different, because ALTER ROLE [NO]INHERIT now only changes the default behavior of future grants, and has no effect on existing ones. Patch by me. Reviewed and testing by Nathan Bossart and Tushar Ahuja, with design-level comments from various others. Discussion: http://postgr.es/m/CA+Tgmoa5Sf4PiWrfxA=sGzDKg0Ojo3dADw=wAHOhR9dggV=RmQ@mail.gmail.com
38 lines
1.3 KiB
C
38 lines
1.3 KiB
C
/*-------------------------------------------------------------------------
|
|
*
|
|
* user.h
|
|
* Commands for manipulating roles (formerly called users).
|
|
*
|
|
*
|
|
* src/include/commands/user.h
|
|
*
|
|
*-------------------------------------------------------------------------
|
|
*/
|
|
#ifndef USER_H
|
|
#define USER_H
|
|
|
|
#include "catalog/objectaddress.h"
|
|
#include "libpq/crypt.h"
|
|
#include "nodes/parsenodes.h"
|
|
#include "parser/parse_node.h"
|
|
|
|
/* GUC. Is actually of type PasswordType. */
|
|
extern PGDLLIMPORT int Password_encryption;
|
|
|
|
/* Hook to check passwords in CreateRole() and AlterRole() */
|
|
typedef void (*check_password_hook_type) (const char *username, const char *shadow_pass, PasswordType password_type, Datum validuntil_time, bool validuntil_null);
|
|
|
|
extern PGDLLIMPORT check_password_hook_type check_password_hook;
|
|
|
|
extern Oid CreateRole(ParseState *pstate, CreateRoleStmt *stmt);
|
|
extern Oid AlterRole(ParseState *pstate, AlterRoleStmt *stmt);
|
|
extern Oid AlterRoleSet(AlterRoleSetStmt *stmt);
|
|
extern void DropRole(DropRoleStmt *stmt);
|
|
extern void GrantRole(ParseState *pstate, GrantRoleStmt *stmt);
|
|
extern ObjectAddress RenameRole(const char *oldname, const char *newname);
|
|
extern void DropOwnedObjects(DropOwnedStmt *stmt);
|
|
extern void ReassignOwnedObjects(ReassignOwnedStmt *stmt);
|
|
extern List *roleSpecsToIds(List *memberNames);
|
|
|
|
#endif /* USER_H */
|