[Doc Patch] Clarify that CREATEROLE roles can GRANT default roles
Hi,
https://www.postgresql.org/docs/current/default-roles.html mentions the
"Administrator" several times, but does not specify it further. I
understand that it is mentioned elsewhere [1]e.g. at https://www.postgresql.org/docs/current/sql-createrole.html it is mentioned that CREATEROLE privs can be regarded as "almost-superuser-roles", but I think it would be
beneficial to remind the reader on that page at least once that
"Administrators" includes "roles with the CREATEROLE privilege" in the
context of GRANTing and REVOKEing default privileges, e.g. with the
attached patch.
Michael
[1]: e.g. at https://www.postgresql.org/docs/current/sql-createrole.html it is mentioned that CREATEROLE privs can be regarded as "almost-superuser-roles"
it is mentioned that CREATEROLE privs can be regarded as "almost-superuser-roles"
--
Michael Banck
Projektleiter / Senior Berater
Tel.: +49 2166 9901-171
Fax: +49 2166 9901-100
Email: michael.banck@credativ.de
credativ GmbH, HRB Mönchengladbach 12080
USt-ID-Nummer: DE204566209
Trompeterallee 108, 41189 Mönchengladbach
Geschäftsführung: Dr. Michael Meskes, Jörg Folz, Sascha Heuer
Unser Umgang mit personenbezogenen Daten unterliegt
folgenden Bestimmungen: https://www.credativ.de/datenschutz
Attachments:
default-roles-createrole.patchtext/x-patch; charset=UTF-8; name=default-roles-createrole.patchDownload
diff --git a/doc/src/sgml/user-manag.sgml b/doc/src/sgml/user-manag.sgml
index cc082521a2..cf1e3a948c 100644
--- a/doc/src/sgml/user-manag.sgml
+++ b/doc/src/sgml/user-manag.sgml
@@ -493,9 +493,10 @@ DROP ROLE doomed_role;
<para>
<productname>PostgreSQL</productname> provides a set of default roles
which provide access to certain, commonly needed, privileged capabilities
- and information. Administrators can GRANT these roles to users and/or
- other roles in their environment, providing those users with access to
- the specified capabilities and information.
+ and information. Administrators (including roles that have the
+ <literal>CREATEROLE</literal> privilege) can <command>GRANT</command> these
+ roles to users and/or other roles in their environment, providing those
+ users with access to the specified capabilities and information.
</para>
<para>
Hi Michael,
On Sat, Nov 28, 2020 at 7:50 AM Michael Banck <michael.banck@credativ.de> wrote:
Hi,
https://www.postgresql.org/docs/current/default-roles.html mentions the
"Administrator" several times, but does not specify it further. I
understand that it is mentioned elsewhere [1], but I think it would be
beneficial to remind the reader on that page at least once that
"Administrators" includes "roles with the CREATEROLE privilege" in the
context of GRANTing and REVOKEing default privileges, e.g. with the
attached patch.
You sent in your patch, default-roles-createrole.patch to
pgsql-hackers on Nov 28, but you did not post it to the next
CommitFest[1]https://commitfest.postgresql.org/31/. If this was intentional, then you need to take no
action. However, if you want your patch to be reviewed as part of the
upcoming CommitFest, then you need to add it yourself before
2021-01-01 AoE[2]https://en.wikipedia.org/wiki/Anywhere_on_Earth. Thanks for your contributions.
Regards,
[1]: https://commitfest.postgresql.org/31/
[2]: https://en.wikipedia.org/wiki/Anywhere_on_Earth
--
Masahiko Sawada
EnterpriseDB: https://www.enterprisedb.com/
Hi,
Am Montag, den 28.12.2020, 20:41 +0900 schrieb Masahiko Sawada:
On Sat, Nov 28, 2020 at 7:50 AM Michael Banck <michael.banck@credativ.de> wrote:
https://www.postgresql.org/docs/current/default-roles.html mentions the
"Administrator" several times, but does not specify it further. I
understand that it is mentioned elsewhere [1], but I think it would be
beneficial to remind the reader on that page at least once that
"Administrators" includes "roles with the CREATEROLE privilege" in the
context of GRANTing and REVOKEing default privileges, e.g. with the
attached patch.You sent in your patch, default-roles-createrole.patch to
pgsql-hackers on Nov 28, but you did not post it to the next
CommitFest[1]. If this was intentional, then you need to take no
action. However, if you want your patch to be reviewed as part of the
upcoming CommitFest, then you need to add it yourself before
2021-01-01 AoE[2]. Thanks for your contributions.
Thanks for reminding me, I've done so now[1]https://commitfest.postgresql.org/31/2921/.
Michael
[1]: https://commitfest.postgresql.org/31/2921/
--
Michael Banck
Projektleiter / Senior Berater
Tel.: +49 2166 9901-171
Fax: +49 2166 9901-100
Email: michael.banck@credativ.de
credativ GmbH, HRB Mönchengladbach 12080
USt-ID-Nummer: DE204566209
Trompeterallee 108, 41189 Mönchengladbach
Geschäftsführung: Dr. Michael Meskes, Jörg Folz, Sascha Heuer
Unser Umgang mit personenbezogenen Daten unterliegt
folgenden Bestimmungen: https://www.credativ.de/datenschutz
On Thu, Dec 31, 2020 at 10:05 AM Michael Banck
<michael.banck@credativ.de> wrote:
Hi,
Am Montag, den 28.12.2020, 20:41 +0900 schrieb Masahiko Sawada:
On Sat, Nov 28, 2020 at 7:50 AM Michael Banck <michael.banck@credativ.de> wrote:
https://www.postgresql.org/docs/current/default-roles.html mentions the
"Administrator" several times, but does not specify it further. I
understand that it is mentioned elsewhere [1], but I think it would be
beneficial to remind the reader on that page at least once that
"Administrators" includes "roles with the CREATEROLE privilege" in the
context of GRANTing and REVOKEing default privileges, e.g. with the
attached patch.
Took look at the wording and +1 from me on the proposed change. FWIW,
I believe the preceding sentence would be more grammatically correct
if the word "which" was replaced with "that", ie. PostgreSQL provides
a set of default roles /that/ provide access to certain, commonly
needed, privileged capabilities and information.
Robert Treat
https://xzilla.net
On Tue, Feb 23, 2021 at 7:19 AM Robert Treat <rob@xzilla.net> wrote:
On Thu, Dec 31, 2020 at 10:05 AM Michael Banck
<michael.banck@credativ.de> wrote:Hi,
Am Montag, den 28.12.2020, 20:41 +0900 schrieb Masahiko Sawada:
On Sat, Nov 28, 2020 at 7:50 AM Michael Banck <michael.banck@credativ.de> wrote:
https://www.postgresql.org/docs/current/default-roles.html mentions the
"Administrator" several times, but does not specify it further. I
understand that it is mentioned elsewhere [1], but I think it would be
beneficial to remind the reader on that page at least once that
"Administrators" includes "roles with the CREATEROLE privilege" in the
context of GRANTing and REVOKEing default privileges, e.g. with the
attached patch.Took look at the wording and +1 from me on the proposed change. FWIW,
I believe the preceding sentence would be more grammatically correct
if the word "which" was replaced with "that", ie. PostgreSQL provides
a set of default roles /that/ provide access to certain, commonly
needed, privileged capabilities and information.
Applied, including the suggested change from Robert.
--
Magnus Hagander
Me: https://www.hagander.net/
Work: https://www.redpill-linpro.com/
On Sat, Mar 06, 2021 at 06:12:50PM +0100, Magnus Hagander wrote:
On Tue, Feb 23, 2021 at 7:19 AM Robert Treat <rob@xzilla.net> wrote:
On Thu, Dec 31, 2020 at 10:05 AM Michael Banck
<michael.banck@credativ.de> wrote:Am Montag, den 28.12.2020, 20:41 +0900 schrieb Masahiko Sawada:
On Sat, Nov 28, 2020 at 7:50 AM Michael Banck <michael.banck@credativ.de> wrote:
https://www.postgresql.org/docs/current/default-roles.html mentions the
"Administrator" several times, but does not specify it further. I
understand that it is mentioned elsewhere [1], but I think it would be
beneficial to remind the reader on that page at least once that
"Administrators" includes "roles with the CREATEROLE privilege" in the
context of GRANTing and REVOKEing default privileges, e.g. with the
attached patch.Took look at the wording and +1 from me on the proposed change. FWIW,
I believe the preceding sentence would be more grammatically correct
if the word "which" was replaced with "that", ie. PostgreSQL provides
a set of default roles /that/ provide access to certain, commonly
needed, privileged capabilities and information.Applied, including the suggested change from Robert.
Thanks!
Michael
--
Michael Banck
Projektleiter / Senior Berater
Tel.: +49 2166 9901-171
Fax: +49 2166 9901-100
Email: michael.banck@credativ.de
credativ GmbH, HRB M�nchengladbach 12080
USt-ID-Nummer: DE204566209
Trompeterallee 108, 41189 M�nchengladbach
Gesch�ftsf�hrung: Dr. Michael Meskes, J�rg Folz, Sascha Heuer
Unser Umgang mit personenbezogenen Daten unterliegt
folgenden Bestimmungen: https://www.credativ.de/datenschutz