The list of all the queries

Grantable roles

Query goal: Find roles that a member can grant to others, i.e., the role has been granted with ADMIN OPTION. The number of privileges that can be passed on should be as small as possible.
Query type: Problem detection (Each row in the result could represent a flaw in the design)
Query reliability: High (Few or no false-positive results)
Query license: MIT License
Fixing suggestion: Revoke WITH ADMIN OPTION privilege.
Data source: system catalog only
SQL query: Click on query to copy it

SELECT 
role.rolname AS role,
member.rolname AS member,
grantor.rolname AS grantor,
inherit_option,
set_option
FROM pg_auth_members AS pam,
pg_authid AS role,
pg_authid AS member,
pg_authid AS grantor
WHERE pam.roleid=role.oid
AND pam.member=member.oid
AND pam.grantor=grantor.oid
AND member.rolname !~'^pg_'
AND admin_option=TRUE
ORDER BY role, member;

SQL statements for generating SQL statements that help us to fix the problem

SQL queryDescription
WITH privs AS (SELECT 
role.rolname AS role,
member.rolname AS member,
grantor.rolname AS grantor,
inherit_option,
set_option
FROM pg_auth_members AS pam,
pg_authid AS role,
pg_authid AS member,
pg_authid AS grantor
WHERE pam.roleid=role.oid
AND pam.member=member.oid
AND pam.grantor=grantor.oid
AND member.rolname !~'^pg_'
AND admin_option=TRUE)
SELECT format('REVOKE ADMIN OPTION FOR %1$s FROM %2$I;', role, member) AS statements
FROM privs
ORDER BY role, member;
Revoke WITH ADMIN OPTION.

Collections where the query belongs to

Collection nameCollection description
Find problems automaticallyQueries, that results point to problems in the database. Each query in the collection produces an initial assessment. However, a human reviewer has the final say as to whether there is a problem or not .

Categories where the query belongs to

Category nameCategory description
SecurityQueries of this category provide information about the security measures.

Reference materials for further reading

Reference
https://www.postgresql.org/docs/current/catalog-pg-auth-members.html

The list of all the queries