Skip to content

Add new options like INHERIT and SET to the Role's membership tab. #6451 #9539

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
akshay-joshi merged 3 commits into from
Jan 20, 2026
Merged

Add new options like INHERIT and SET to the Role's membership tab. #6451 #9539

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
87b8bcf
Add new options like INHERIT and SET to the Role's membership tab. #6451
anilsahoo20 Jan 14, 2026
3c64be0
Fixed review comments on code optimization and coderabbit review comm…
anilsahoo20 Jan 14, 2026
87e0195
Fix coderabbit review comments
anilsahoo20 Jan 19, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Binary file modified docs/en_US/images/role_membership.png
View file
Open in desktop
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file modified docs/en_US/images/role_sql.png
View file
Open in desktop
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
21 changes: 16 additions & 5 deletions docs/en_US/role_dialog.rst
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -65,15 +65,26 @@ Use the *Privileges* tab to grant privileges to the role.
* Move the *Bypass RLS?* switch to the *Yes* position to control whether a
role can bypasses every row-level security (RLS) policy. The default value is *No*.

Click the *Membership* tab to continue.

.. image:: images/role_membership.png
:alt: Role dialog membership tab
:align: center

* Specify member of the role in the *Member of* field and specify the members in the *Member* field.
Confirm each selection by checking the checkbox to the right of the role name;
delete a selection by clicking the *x* to the left of the role name.
Membership conveys the privileges granted to the specified role to each of
its members.
Use the *Membership* tab to define role memberships. A role can be a member of
other roles and can have other roles as members.

* Use *Member of* section to specify roles of which the current role
is a member. To assign *Admin Option* for a selected role, click on
the appropriate checkbox.
* Use *Members* section to specify roles that are members of the current
role. To assign *Admin Option* for a selected role, click on the appropriate checkbox.

Click the *Add* icon (+) to add more roles; to discard a
role, click the trash icon to the left of the row and confirm the deletion
in the *Delete Row* popup.

**Note:** Apart from *Admin Option*, *Inherit Option* and *Set Option* are available for both *Member of* section and *Members* section from PostgreSQL version >= 16.

Click the *Parameters* tab to continue.

Expand Down
212 changes: 132 additions & 80 deletions web/pgadmin/browser/server_groups/servers/roles/__init__.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -207,80 +207,65 @@ def _process_rolemembership(self, id, data):
:param id: id of role
:param data: input role data
"""
def _part_dict_list(dict_list, condition, list_key=None):
def _part_dict_list(dict_list, condition):
ret_val = []
for d in dict_list:
if condition(d):
ret_val.append(d[list_key])
ret_val.append(d)

return ret_val

if id == -1:
data['members'] = []
data['admins'] = []

data['admins'] = _part_dict_list(
data['rolmembership'], lambda d: d['admin'], 'role')
data['members'] = _part_dict_list(
data['rolmembership'], lambda d: not d['admin'], 'role')
data['rolmembership_list'] = data['rolmembership']
else:
data['admins'] = _part_dict_list(
data['rolmembership'].get('added', []),
lambda d: d['admin'], 'role')
data['members'] = _part_dict_list(
data['rolmembership'].get('added', []),
lambda d: not d['admin'], 'role')

data['admins'].extend(_part_dict_list(
data['rolmembership'].get('changed', []),
lambda d: d['admin'], 'role'))
data['revoked_admins'] = _part_dict_list(
data['rolmembership'].get('changed', []),
lambda d: not d['admin'], 'role')

data['revoked'] = _part_dict_list(
data['rolmembership'].get('deleted', []),
lambda _: True, 'role')
data['rolmembership_list'] = data['rolmembership'].get('added', [])

if self.manager.version < 160000:
data['rolmembership_list'].extend(_part_dict_list(
data['rolmembership'].get('changed', []),
lambda d: d['admin']))
data['rolmembership_revoked_admins'] = _part_dict_list(
data['rolmembership'].get('changed', []),
lambda d: not d['admin'])
else:
data['rolmembership_list'].extend(
data['rolmembership'].get('changed', []))

data['rolmembership_revoked_list'] = (
data['rolmembership'].get('deleted', []))

def _process_rolmembers(self, id, data):
"""
Parser role members.
:param id:
:param data:
"""
def _part_dict_list(dict_list, condition, list_key=None):
def _part_dict_list(dict_list, condition):
ret_val = []
for d in dict_list:
if condition(d):
ret_val.append(d[list_key])
ret_val.append(d)

return ret_val
if id == -1:
data['rol_members'] = []
data['rol_admins'] = []
data['rol_members_list'] = data['rolmembers']

data['rol_admins'] = _part_dict_list(
data['rolmembers'], lambda d: d['admin'], 'role')
data['rol_members'] = _part_dict_list(
data['rolmembers'], lambda d: not d['admin'], 'role')
else:
data['rol_admins'] = _part_dict_list(
data['rolmembers'].get('added', []),
lambda d: d['admin'], 'role')
data['rol_members'] = _part_dict_list(
data['rolmembers'].get('added', []),
lambda d: not d['admin'], 'role')

data['rol_admins'].extend(_part_dict_list(
data['rolmembers'].get('changed', []),
lambda d: d['admin'], 'role'))
data['rol_revoked_admins'] = _part_dict_list(
data['rolmembers'].get('changed', []),
lambda d: not d['admin'], 'role')

data['rol_revoked'] = _part_dict_list(
data['rolmembers'].get('deleted', []),
lambda _: True, 'role')
data['rol_members_list'] = data['rolmembers'].get('added', [])

if self.manager.version < 160000:
data['rol_members_list'].extend(_part_dict_list(
data['rolmembers'].get('changed', []),
lambda d: d['admin']))
data['rol_members_revoked_admins'] = _part_dict_list(
data['rolmembers'].get('changed', []),
lambda d: not d['admin'])
else:
data['rol_members_list'].extend(
data['rolmembers'].get('changed', []))

data['rol_members_revoked_list'] = (
data['rolmembers'].get('deleted', []))

def _validate_rolemembers(self, id, data):
"""
Expand All @@ -298,13 +283,21 @@ def _validate_rolemembers(self, id, data):

rolmembers:[{
role: [rolename],
admin: True/False
admin: True/False,
inherit: True/False,
set: True/False,
},
...
]""")

if not self._validate_input_dict_for_new(data['rolmembers'],
['role', 'admin']):
if (self.manager.version < 160000 and
not self._validate_input_dict_for_new(
data['rolmembers'], ['role', 'admin'])):
return msg
elif (self.manager.version >= 160000 and
not self._validate_input_dict_for_new(
data['rolmembers'],
['role', 'admin', 'inherit', 'set'])):
return msg

self._process_rolmembers(id, data)
Expand All @@ -316,26 +309,38 @@ def _validate_rolemembers(self, id, data):
rolmembers:{
'added': [{
role: [rolename],
admin: True/False
admin: True/False,
inherit: True/False,
set: True/False,
},
...
],
'deleted': [{
role: [rolename],
admin: True/False
admin: True/False,
inherit: True/False,
set: True/False,
},
...
],
'updated': [{
role: [rolename],
admin: True/False
admin: True/False,
inherit: True/False,
set: True/False,
},
...
]
""")
if not self._validate_input_dict_for_update(data['rolmembers'],
['role', 'admin'],
['role']):
if (self.manager.version < 160000 and
not self._validate_input_dict_for_update(
data['rolmembers'], ['role', 'admin'], ['role'])):
return msg
elif (self.manager.version >= 160000 and
not self._validate_input_dict_for_update(
data['rolmembers'],
['role', 'admin', 'inherit', 'set'],
['role'])):
return msg

self._process_rolmembers(id, data)
Expand All @@ -357,13 +362,21 @@ def _validate_rolemembership(self, id, data):

rolmembership:[{
role: [rolename],
admin: True/False
admin: True/False,
inherit: True/False,
set: True/False,
},
...
]""")

if not self._validate_input_dict_for_new(
data['rolmembership'], ['role', 'admin']):
if (self.manager.version < 160000 and
not self._validate_input_dict_for_new(
data['rolmembership'], ['role', 'admin'])):
return msg
elif (self.manager.version >= 160000 and
not self._validate_input_dict_for_new(
data['rolmembership'],
['role', 'admin', 'inherit', 'set'])):
return msg

self._process_rolemembership(id, data)
Expand All @@ -375,25 +388,38 @@ def _validate_rolemembership(self, id, data):
rolmembership:{
'added': [{
role: [rolename],
admin: True/False
admin: True/False,
inherit: True/False,
set: True/False,
},
...
],
'deleted': [{
role: [rolename],
admin: True/False
admin: True/False,
inherit: True/False,
set: True/False,
},
...
],
'updated': [{
role: [rolename],
admin: True/False
admin: True/False,
inherit: True/False,
set: True/False,
},
...
]
""")
if not self._validate_input_dict_for_update(
data['rolmembership'], ['role', 'admin'], ['role']):
if (self.manager.version < 160000 and
not self._validate_input_dict_for_update(
data['rolmembership'], ['role', 'admin'], ['role'])):
return msg
elif (self.manager.version >= 160000 and
not self._validate_input_dict_for_update(
data['rolmembership'],
['role', 'admin', 'inherit', 'set'],
['role'])):
return msg

self._process_rolemembership(id, data)
Expand Down Expand Up @@ -792,16 +818,29 @@ def _set_seclabels(self, row):
})
row['seclabels'] = res

def _set_rolemembership(self, row):
def _set_rolemembers(self, row):

if 'rolmembers' in row and row['rolmembers'] is not None:
rolmembers = []
for role in row['rolmembers']:
role = re.search(r'([01])(.+)', role)
rolmembers.append({
'role': role.group(2),
'admin': True if role.group(1) == '1' else False
})
if self.manager.version < 160000:
m = re.match(r'^([01])(.+)$', role or '')
if not m:
continue
rolmembers.append({
'role': m.group(2),
'admin': m.group(1) == '1'
})
else:
m = re.match(r'^([01])([01])([01])(.+)$', role or '')
if not m:
continue
rolmembers.append({
'role': m.group(4),
'admin': m.group(1) == '1',
'inherit': m.group(2) == '1',
'set': m.group(3) == '1'
})
row['rolmembers'] = rolmembers

def transform(self, rset):
Expand All @@ -810,14 +849,27 @@ def transform(self, rset):
roles = row['rolmembership']
row['rolpassword'] = ''
for role in roles:
role = re.search(r'([01])(.+)', role)
res.append({
'role': role.group(2),
'admin': True if role.group(1) == '1' else False
})
if self.manager.version < 160000:
m = re.match(r'^([01])(.+)$', role or '')
if not m:
continue
res.append({
'role': m.group(2),
'admin': m.group(1) == '1'
})
else:
m = re.match(r'^([01])([01])([01])(.+)$', role or '')
if not m:
continue
res.append({
'role': m.group(4),
'admin': m.group(1) == '1',
'inherit': m.group(2) == '1',
'set': m.group(3) == '1'
})
row['rolmembership'] = res
self._set_seclabels(row)
self._set_rolemembership(row)
self._set_rolemembers(row)

@check_precondition(action='properties')
def properties(self, gid, sid, rid):
Expand Down
18 changes: 13 additions & 5 deletions web/pgadmin/browser/server_groups/servers/roles/static/js/role.ui.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -58,12 +58,20 @@ export default class RoleSchema extends BaseUISchema {
memberDataFormatter(rawData) {
let members = '';
if(_.isObject(rawData)) {
const serverVersion = this.nodeInfo?.server?.version || 0;
rawData.forEach(member => {
let withAdmin = '';
if(member.admin) { withAdmin = ' [WITH ADMIN]';}
let badges = '';
if (serverVersion >= 160000) {
const admin = (member.admin ?? false).toString().toUpperCase();
const inherit = (member.inherit ?? false).toString().toUpperCase();
const set = (member.set ?? true).toString().toUpperCase();
badges = ` [WITH ADMIN ${admin}, INHERIT ${inherit}, SET ${set}]`;
} else {
badges = member.admin ? ' [WITH ADMIN OPTION]' : '';
}

if (members.length > 0) { members += ', '; }
members = members + (member.role + withAdmin);
members = members + (member.role + badges);
});
}
return members;
Expand Down Expand Up @@ -177,7 +185,7 @@ export default class RoleSchema extends BaseUISchema {
type: 'text',
controlProps: {
formatter: {
fromRaw: obj.memberDataFormatter,
fromRaw: (raw) => obj.memberDataFormatter(raw),
},
}
},
Expand All @@ -198,7 +206,7 @@ export default class RoleSchema extends BaseUISchema {
type: 'text',
controlProps: {
formatter: {
fromRaw: obj.memberDataFormatter,
fromRaw: (raw) => obj.memberDataFormatter(raw),
},
}
},
Expand Down
Loading
Loading