From 9d7b98d2f0441ee62a65fd48124ac0f362a43050 Mon Sep 17 00:00:00 2001
From: "Karl O. Pinc" <kop@karlpinc.com>
Date: Sat, 30 Sep 2023 19:29:46 -0500
Subject: [PATCH v6 12/15] Explain role management

It is non-obvious how the permission mechanisms control how
roles are managed, and can be difficult to find the place in
the documentation that describes the details.  When you do,
the details are mixed in with other details un-related to
setting up a management structure for roles.

It is worth providing a concise summary of how roles are managed,
alongside other high-level information related to roles.
---
 doc/src/sgml/user-manag.sgml | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/doc/src/sgml/user-manag.sgml b/doc/src/sgml/user-manag.sgml
index 4a26ede8fb..b3422ec4f0 100644
--- a/doc/src/sgml/user-manag.sgml
+++ b/doc/src/sgml/user-manag.sgml
@@ -52,6 +52,15 @@
   there are only roles.  Any role can act as a user, a group, or both.
  </para>
 
+ <para>
+   The managment of most database objects is by way of granting some role
+   ownership, but roles don't have owners.
+   Instead, roles are <link linkend="role-creation">managed</link> by
+   those roles having the <literal>CREATEROLE</literal> attribute, that
+   are also granted <literal>ADMIN</literal> privileges to the roles
+   which are managed.
+ </para>
+
  <para>
   This chapter describes how to create and manage roles.
   More information about the effects of role privileges on various
-- 
2.30.2