Diffstat (limited to 'src/backend/commands/user.c')
-rw-r--r-- | src/backend/commands/user.c | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/src/backend/commands/user.c b/src/backend/commands/user.c
index bcdc392a817..7f5b8473d81 100644
--- a/src/backend/commands/user.c
+++ b/src/backend/commands/user.c
@@ -1366,7 +1366,16 @@ AddRoleMems(const char *rolename, Oid roleid,
 rolename)));
 }
 
- /* XXX not sure about this check */
+ /*
+ * The role membership grantor of record has little significance at
+ * present. Nonetheless, inasmuch as users might look to it for a crude
+ * audit trail, let only superusers impute the grant to a third party.
+ *
+ * Before lifting this restriction, give the member == role case of
+ * is_admin_of_role() a fresh look. Ensure that the current role cannot
+ * use an explicit grantor specification to take advantage of the session
+ * user's self-admin right.
+ */
 if (grantorId != GetUserId() && !superuser())
 ereport(ERROR,
 (errcode(ERRCODE_INSUFFICIENT_PRIVILEGE), |
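Review bot: The new comment turns the `grantorId != GetUserId() && !superuser()` test into a documented privilege boundary, but the coupling it describes is recorded only on this side. Someone editing the member == role case of is_admin_of_role() would not learn that this check is what stops an explicit grantor from borrowing the session user's self-admin right. I would add a matching pointer at that case, e.g. `/* AddRoleMems() restricts explicit grantors to superusers partly because of this case; review both together. */`, assuming the function does not already carry one (it is not visible in this view, which is limited to user.c). The comment could also state plainly that the grantor of record is not authoritative for auditing, since as far as this check goes a superuser may record any role as grantor. AddRoleMems() begins and ends outside the hunk, and the ereport() call is cut off at its last line.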