> On Mar 7, 2022, at 12:03 PM, Mark Dilger <mark.dil...@enterprisedb.com> wrote:
>
> Right, but with a reflexive self-admin-option, we could document that it
> works in a non-inherited way. We'd just be saying the current hard-coded
> behavior is an option which can be revoked rather than something you're stuck
> with.
We could also say that the default is to not have admin option on yourself,
with that being something grantable, but that is a larger change from the
historical behavior and might have more consequences for dump/restore, etc.
My concern about just nuking self-admin is that there may be sites which use
self-admin and we'd be leaving them without a simple work-around after upgrade,
because they couldn't restore the behavior by executing a grant. They'd have
to more fundamentally restructure their role relationships to not depend on
self-admin, something which might be harder for them to do. Perhaps nobody is
using self-admin, or very few people are using it, and I'm being overly
concerned.
—
Mark Dilger
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company