reshke commented on PR #1804:
URL: https://github.com/apache/cloudberry/pull/1804#issuecomment-4631713870

   > This PR's permission check looks up the role by name, not by a fixed OID:
   > 
   > ```
   >   role = get_role_oid("mdb_admin", true);   /* look up the role by the 
name "mdb_admin" */
   >   if (!is_member_of_role(GetUserId(), role))
   >       ereport(ERROR, ...);
   > ```
   > 
   > This means: members of any role that happens to be named mdb_admin can 
manage resource groups. The code doesn't care who created that role or when.
   
   Yep, exactly) We only care about rolsuper or not, if mdb-admin patch does 
not allow to gain superuser priviledge - we consider it safe)


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to