Add a role property 'rolinherit' which, when false, denotes that the role
authorTom Lane <tgl@sss.pgh.pa.us>
Tue, 26 Jul 2005 16:38:29 +0000 (16:38 +0000)
committerTom Lane <tgl@sss.pgh.pa.us>
Tue, 26 Jul 2005 16:38:29 +0000 (16:38 +0000)
commitaf019fb9aec0274875a10a89c68c8fecb949349f
tree21f9b389c49ef4386bc8faf9adcd26199417a806
parentf9fd1764615ed5d85fab703b0ffb0c323fe7dfd5
Add a role property 'rolinherit' which, when false, denotes that the role
doesn't automatically inherit the privileges of roles it is a member of;
for such a role, membership in another role can be exploited only by doing
explicit SET ROLE.  The default inherit setting is TRUE, so by default
the behavior doesn't change, but creating a user with NOINHERIT gives closer
adherence to our current reading of SQL99.  Documentation still lacking,
and I think the information schema needs another look.
15 files changed:
doc/src/sgml/catalogs.sgml
doc/src/sgml/func.sgml
src/backend/catalog/aclchk.c
src/backend/catalog/system_views.sql
src/backend/commands/user.c
src/backend/nodes/copyfuncs.c
src/backend/nodes/equalfuncs.c
src/backend/parser/gram.y
src/backend/parser/keywords.c
src/backend/utils/adt/acl.c
src/include/catalog/catversion.h
src/include/catalog/pg_authid.h
src/include/nodes/parsenodes.h
src/include/utils/acl.h
src/test/regress/expected/rules.out