From 6ca7ad89b06c65d574a5e9da8192a14458863cb6 Mon Sep 17 00:00:00 2001
From: Laurenz Albe <laurenz.albe@cybertec.at>
Date: Thu, 18 Feb 2021 08:14:55 +0100
Subject: [PATCH] Clarify docs for ALTER DEFAULT PRIVILEGES
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Since this is often a cause of confusion, document that the
default privileges will only be applied to objects created
by the target role.

Suggested by Jordi Gutiérrez Hermoso.

Discussion: https://postgr.es/m/72652d72e1816bfc3c05d40f9e0e0373d07823c8.camel@octave.org
---
 doc/src/sgml/ref/alter_default_privileges.sgml | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/doc/src/sgml/ref/alter_default_privileges.sgml b/doc/src/sgml/ref/alter_default_privileges.sgml
index f1d54f5aa3..048dbc9fe2 100644
--- a/doc/src/sgml/ref/alter_default_privileges.sgml
+++ b/doc/src/sgml/ref/alter_default_privileges.sgml
@@ -138,6 +138,13 @@ REVOKE [ GRANT OPTION FOR ]
      <para>
       The name of an existing role of which the current role is a member.
       If <literal>FOR ROLE</literal> is omitted, the current role is assumed.
+
+      The privileges defined in
+      <replaceable class="parameter">abbreviated_grant_or_revoke</replaceable>
+      will only be set on objects created by <replaceable>target_role</replaceable>.
+      This does not extend to role members.  If there are several roles that could
+      create objects, you may have to run <command>ALTER DEFAULT PRIVILEGES</command>
+      for each of them.
      </para>
     </listitem>
    </varlistentry>
-- 
2.26.2