From dc6093dfc7ce2aed0ce5ac244f11498542ff519b Mon Sep 17 00:00:00 2001
From: "Karl O. Pinc" <kop@karlpinc.com>
Date: Sat, 30 Sep 2023 19:29:46 -0500
Subject: [PATCH v4 12/12] Explain role management

It is non-obvious how the permission mechanisms control how
roles are managed, and it can be difficult to find the place in
the documentation that describes the details.  When you do,
the details are mixed in with other details unrelated to
setting up a management structure for roles.

It is worth providing a concise summary of how roles are managed,
alongside other high-level information related to roles.
---
 doc/src/sgml/user-manag.sgml | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/doc/src/sgml/user-manag.sgml b/doc/src/sgml/user-manag.sgml
index 4a26ede8fb..7c854991e5 100644
--- a/doc/src/sgml/user-manag.sgml
+++ b/doc/src/sgml/user-manag.sgml
@@ -52,6 +52,15 @@
   there are only roles.  Any role can act as a user, a group, or both.
  </para>
 
+ <para>
+   Most database objects are managed by way of granting some role ownership,
+   but roles don't have owners.
+   Instead, roles are <link linkend="role-creation">managed</link> by
+   those roles having the <literal>CREATEROLE</literal> attribute, that
+   are also granted <literal>ADMIN</literal> privileges to the roles
+   which are managed.
+ </para>
+
  <para>
   This chapter describes how to create and manage roles.
   More information about the effects of role privileges on various
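Review bot: In the added <para>, the clause "that are also granted <literal>ADMIN</literal> privileges to the roles which are managed" is hard to parse. The comma before "that" leaves it unclear whether the clause restricts "those roles" or the attribute, and "ADMIN privileges to" does not match the term used by GRANT, which is ADMIN OPTION on a role. Consider wording along the lines of "Instead, a role is managed by roles that have the CREATEROLE attribute and have also been granted ADMIN OPTION on it." The paragraph also reads as an exhaustive rule, so it would help to state that superusers are not bound by it; otherwise a reader planning a least-privilege role hierarchy gets an incomplete picture of who can alter or drop a role. The opening "managed by way of granting some role ownership" could be simplified as well, for example "Most database objects are managed by the role that owns them".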
-- 
2.30.2

