adapter: Reject reserved role specification names in CREATE ROLE#37644
Merged
ggevay merged 1 commit intoJul 15, 2026
Merged
Conversation
CREATE ROLE CURRENT_USER used to create a role literally named "current_user". PostgreSQL rejects CURRENT_USER, CURRENT_ROLE, SESSION_USER, USER, and NONE as role names because they act as role specifications in statements like GRANT ... TO CURRENT_USER, where a role with such a name would be ambiguous. Extend is_reserved_role_name with these names so that role creation, JWT group sync, and pgwire logins all reject them. The check is on the normalized lowercase name because the parser does not track whether an identifier was quoted. Quoted uppercase spellings like "CURRENT_USER" remain valid role names, as in PostgreSQL. Part of SQL-502. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
d0fba32 to
313717f
Compare
mtabebe
approved these changes
Jul 14, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Fixes SQL-502
Motivation
CREATE ROLE CURRENT_USERused to create a role literally namedcurrent_user. PostgreSQL rejectsCURRENT_USER,CURRENT_ROLE,SESSION_USER,USER, andNONEas role names because they act as rolespecifications in statements like
GRANT ... TO CURRENT_USER, where a rolewith such a name would be ambiguous. Found via the CockroachDB logic test
import (#37459).
Description
CREATE ROLEnow rejects the role namescurrent_user,current_role,session_user,user, andnonewith "role name ... is reserved", the sameway it already rejects
publicand themz_/pg_prefixes. The new namesare added to
is_reserved_role_name, the single choke point that covers rolecreation via SQL, role creation via JWT group sync, and pgwire login
validation.
The check is on the normalized (lowercase) name rather than at parse time.
PostgreSQL rejects the unquoted keyword forms while still allowing the quoted
spelling
CREATE ROLE "current_user", but our lexer does not treat thesewords as keywords and does not track whether an identifier was quoted, so the
quoted lowercase forms are rejected too. That is a small deviation from
PostgreSQL that errs on the safe side: a role named
current_useris exactlythe ambiguity being prevented. Quoted spellings that do not normalize to a
reserved lowercase name, such as
CREATE ROLE "CURRENT_USER", remain valid,as in PostgreSQL.
GRANT ... TO PUBLICand friends are unaffected.Verification
Added regression tests to
test/sqllogictest/role.sltcovering all sixreserved names (quoted and unquoted) plus the allowed quoted-uppercase case,
and a unit test in
group_sync.rspinning theis_reserved_role_namecontract. Edge-case behavior (which names PostgreSQL rejects, with which
messages, quoted vs. unquoted) was compared against a live PostgreSQL 18.
🤖 Generated with Claude Code