Robert Haas <robertmh...@gmail.com> writes:
> On Wed, Nov 23, 2022 at 2:28 PM Mark Dilger
> <mark.dil...@enterprisedb.com> wrote:
>> I had incorrectly imagined that if the bootstrap superuser granted
>> CREATEROLE to Alice with particular settings, those settings would
>> limit the things that Alice could do when creating role Bob,
>> specifically limiting how much she could administer/inherit/set role
>> Bob thereafter. Apparently, your proposal only configures what happens
>> by default, and Alice can work around that if she wants to.

> Right.

Okay ...

>> But if that's the case, did I misunderstand upthread that these are
>> properties the superuser specifies about Alice? Can Alice just set
>> these properties about herself, so she gets the behavior she wants?
>> I'm confused now about who controls these settings.

> Because they are role-level properties, they can be set by whoever has
> ADMIN OPTION on the role. That always includes every superuser, and it
> never includes Alice herself (except if she's a superuser).

That is just bizarre. Alice can do X, and she can do Y, but she
can't control a flag that says which of those happens by default?
How is that sane (disregarding the question of whether the existence
of the flag is a good idea, which I'm now even less sold on)?

regards, tom lane