From a89505fd21da337b81172871d8f65d9a4fa22a8b Mon Sep 17 00:00:00 2001
From: Stephen Frost <sfrost@snowman.net>
Date: Fri, 6 May 2016 14:06:50 -0400
Subject: Remove various special checks around default roles

Default roles really should be like regular roles, for the most part.
This removes a number of checks that were trying to make default roles
extra special by not allowing them to be used as regular roles.

We still prevent users from creating roles in the "pg_" namespace or
from altering roles which exist in that namespace via ALTER ROLE, as
we can't preserve such changes, but otherwise the roles are very much
like regular roles.

Based on discussion with Robert and Tom.
---
 src/backend/commands/user.c | 11 -----------
 1 file changed, 11 deletions(-)

(limited to 'src/backend/commands/user.c')

diff --git a/src/backend/commands/user.c b/src/backend/commands/user.c
index cc3d5645343..f0ac636b9b7 100644
--- a/src/backend/commands/user.c
+++ b/src/backend/commands/user.c
@@ -1262,18 +1262,10 @@ GrantRole(GrantRoleStmt *stmt)
 	ListCell   *item;
 
 	if (stmt->grantor)
-	{
-		check_rolespec_name(stmt->grantor,
-							"Cannot specify reserved role as grantor.");
 		grantor = get_rolespec_oid(stmt->grantor, false);
-	}
 	else
 		grantor = GetUserId();
 
-	foreach(item, stmt->grantee_roles)
-		check_rolespec_name(lfirst(item),
-							"Cannot GRANT roles to a reserved role.");
-
 	grantee_ids = roleSpecsToIds(stmt->grantee_roles);
 
 	/* AccessShareLock is enough since we aren't modifying pg_authid */
@@ -1364,9 +1356,6 @@ ReassignOwnedObjects(ReassignOwnedStmt *stmt)
 					 errmsg("permission denied to reassign objects")));
 	}
 
-	check_rolespec_name(stmt->newrole,
-						"Cannot specify reserved role as owner.");
-
 	/* Must have privileges on the receiving side too */
 	newrole = get_rolespec_oid(stmt->newrole, false);
 
-- 
cgit v1.2.3