some charts or graphs of possible permissions would be nice
The following documentation comment has been logged on the website:
Page: https://www.postgresql.org/docs/11/sql-grant.html
Description:
Having read through the documentation on roles/granting I think I more or
less understand how it works, but what isn't really clarified is what the
overall universe of permissions that can be granted looks like. For example
I still didn't realize that to create a schema, you need to "GRANT CREATE"
to the role on the database before the role is allowed to do that. It's hard
to make a mental map of everything that a new role might need when I am
creating it.
On Tue, 2020-06-09 at 21:34 +0000, PG Doc comments form wrote:
Having read through the documentation on roles/granting I think I more or
less understand how it works, but what isn't really clarified is what the
overall universe of permissions that can be granted looks like. For example
I still didn't realize that to create a schema, you need to "GRANT CREATE"
to the role on the database before the role is allowed to do that. It's hard
to make a mental map of everything that a new role might need when I am
creating it.
That would be material for a tutorial rather than a documentation.
Yours,
Laurenz Albe
On 2020-Jun-10, Laurenz Albe wrote:
On Tue, 2020-06-09 at 21:34 +0000, PG Doc comments form wrote:
Having read through the documentation on roles/granting I think I more or
less understand how it works, but what isn't really clarified is what the
overall universe of permissions that can be granted looks like. For example
I still didn't realize that to create a schema, you need to "GRANT CREATE"
to the role on the database before the role is allowed to do that. It's hard
to make a mental map of everything that a new role might need when I am
creating it.That would be material for a tutorial rather than a documentation.
... but our documentation *does* have a tutorial, which could perhaps
gain a section about privileges.
--
�lvaro Herrera https://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
On 10.06.20 17:53, Alvaro Herrera wrote:
On 2020-Jun-10, Laurenz Albe wrote:
On Tue, 2020-06-09 at 21:34 +0000, PG Doc comments form wrote:
Having read through the documentation on roles/granting I think I more or
less understand how it works, but what isn't really clarified is what the
overall universe of permissions that can be granted looks like. For example
I still didn't realize that to create a schema, you need to "GRANT CREATE"
to the role on the database before the role is allowed to do that. It's hard
to make a mental map of everything that a new role might need when I am
creating it.That would be material for a tutorial rather than a documentation.
... but our documentation *does* have a tutorial, which could perhaps
gain a section about privileges.
What permissions issues do users typically struggle with? I personally
have seen no problems in this area. Stephen sends one example; can you
send more examples - or even a short text or a sketch of what you expect
to be in the documentation?
More general: Is it a real problem? My experience is that in most cases
permissions are handled at the application level, not at the database
level. Is it worth to give more details? I don't think so. But it may be
a good idea to follow Stephen's suggestion and put an introductory
summary to the tutorial chapter.
--
Jürgen Purtz