mirror of
https://github.com/neondatabase/neon.git
synced 2026-01-07 05:22:56 +00:00
363ea97f69
The previous tests really didn't do much. This set should be quite a bit more encompassing. Signed-off-by: Tristan Partin <tristan@neon.tech>
26 lines
699 B
SQL
26 lines
699 B
SQL
DO $$
|
|
DECLARE
|
|
role record;
|
|
BEGIN
|
|
FOR role IN
|
|
SELECT rolname AS name, rolinherit AS inherit
|
|
FROM pg_roles
|
|
WHERE pg_has_role(rolname, 'neon_superuser', 'member')
|
|
LOOP
|
|
IF NOT role.inherit THEN
|
|
RAISE EXCEPTION '% cannot inherit', quote_ident(role.name);
|
|
END IF;
|
|
END LOOP;
|
|
|
|
FOR role IN
|
|
SELECT rolname AS name, rolbypassrls AS bypassrls
|
|
FROM pg_roles
|
|
WHERE NOT pg_has_role(rolname, 'neon_superuser', 'member')
|
|
AND NOT starts_with(rolname, 'pg_')
|
|
LOOP
|
|
IF role.bypassrls THEN
|
|
RAISE EXCEPTION '% can bypass RLS', quote_ident(role.name);
|
|
END IF;
|
|
END LOOP;
|
|
END $$;
|