Étienne BERSAC
Étienne BERSAC
Hi @dani , can you share verbose output ? Use --verbose to get it.
Hi, I confirm that grants to self are not inspected. Actually, access to own objects is implicit. Why do you want to grant select on self ?
This: ``` ALTER DEFAULT PRIVILEGES FOR ROLE "vaultwarden" GRANT USAGE ON SEQUENCES TO "vaultwarden"; ``` This query configures default privilege to grant usage to `vaultwarden` user on the sequences it...
hmm, I think ldap2pg should skip configure default privileges for self. Let's fix this.
I think I got the point. Default privileges on self are the hard-wire value of pg_default_acl. Thus, granting on self is a noop. pg_default_acl is always empty. ``` console >...
No idea. It seems that CockroachDB is not a fork but a Postgres-wire compatible DB. I need feedback for this.
Hi @arjan-saly-tfs . Thanks for the feed back, this is awesome ! ldap2pg already adapts options by inspecting pg_roles columns. Can you share the output of `\d pg_catalog.pg_authid` ?
Ok. That's a misbehaviour of CoackroachDB. It has internal structure for BYPASSRLS feature but does not accept the keyword. Odd. Something that may be done is the ability to override...
Hi @arjan-saly-tfs . I need a patch to ldap2pg to add such new `postgres:role_options` configuration to override internal logic. I don't have time allocated for develop ldap2pg until a few...
ok, my bad. Yes, you can't user `SUPERUSER` with ldap2pg and CoackroachDB. Is `admin` a parent role ? If yes, you can simply add it to `parent` of super users.