Hi I wanted to try out the new role support in 8.1. My goal is to create two roles, dev and admin, and make all other users member of those two roles. The users shall then issue either "set role dev" (if the want to to development work), or "set role admin" (in the rare case where they need superuser access). I did the following: create role dev with nosuperuser nocreaterole createdb noinherit nologin ; create role admin with superuser noinherit nologin ; create role fgp with nosuperuser nocreaterole nocreatedb noinherit login ; grant dev to fgp ; grant admin to fgp ;The last statement fails with "role "admin" is a member of role "fgp" - but I believe it is not.
pg_auth_members looks like this: roleid | member | grantor | admin_option --------+--------+---------+-------------- 16391 | 16393 | 10 | f 16391 is dev, 16392 is admin, 16393 is fgp So, "admin" isn't even mentioned in pg_auth_members.. Did I do something wrong, or is this really a bug? greetings, Florian Pflug
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
