Participants
PG Bug reporting form
PG Bug reporting form
Laurenz Albe
Laurenz Albe
David G. Johnston
David G. Johnston
Attachments
Show all attachments
Thread Outline
#1PG Bug reporting formPG Bug reporting form
May 01, 2024
#2Laurenz AlbeLaurenz Albeto PG Bug reporting form (#1)
May 02, 2024
#3David G. JohnstonDavid G. Johnstonto Laurenz Albe (#2)
May 14, 2024

roles that have the CREATEROLE privilege can no longer GRANT predefined roles

Started by PG Bug reporting formalmost 2 years ago3 messagesdocs
Jump to latest
#1PG Bug reporting form
PG Bug reporting form
noreply@postgresql.org

The following documentation comment has been logged on the website:

Page: https://www.postgresql.org/docs/16/predefined-roles.html
Description:

roles that have the CREATEROLE privilege can no longer GRANT predefined
roles unless they are part of it having the WITH ADMIN option. this needs to
be corrected in the documentation
https://www.postgresql.org/docs/current/predefined-roles.html

#2Laurenz Albe
Laurenz Albe
laurenz.albe@cybertec.at
In reply to: PG Bug reporting form (#1)
Re: roles that have the CREATEROLE privilege can no longer GRANT predefined roles

On Wed, 2024-05-01 at 16:09 +0000, PG Doc comments form wrote:

Page: https://www.postgresql.org/docs/16/predefined-roles.html

roles that have the CREATEROLE privilege can no longer GRANT predefined
roles unless they are part of it having the WITH ADMIN option. this needs to
be corrected in the documentation

I see what you mean. This text:

Administrators (including roles that have the CREATEROLE privilege)
can GRANT these roles to users and/or other roles ...

should probably become

Administrators (including roles that have the CREATEROLE privilege and have been
granted the predefined role with the ADMIN option)
can GRANT these roles to users and/or other roles ...

Yours,
Laurenz Albe

#3David G. Johnston
David G. Johnston
david.g.johnston@gmail.com
In reply to: Laurenz Albe (#2)
Re: roles that have the CREATEROLE privilege can no longer GRANT predefined roles

On Thu, May 2, 2024 at 3:36 AM Laurenz Albe <laurenz.albe@cybertec.at>
wrote:

On Wed, 2024-05-01 at 16:09 +0000, PG Doc comments form wrote:

Page: https://www.postgresql.org/docs/16/predefined-roles.html

roles that have the CREATEROLE privilege can no longer GRANT predefined
roles unless they are part of it having the WITH ADMIN option. this

needs to

be corrected in the documentation

I see what you mean. This text:

Administrators (including roles that have the CREATEROLE privilege)
can GRANT these roles to users and/or other roles ...

should probably become

Administrators (including roles that have the CREATEROLE privilege and
have been
granted the predefined role with the ADMIN option)
can GRANT these roles to users and/or other roles ...

I would suggest just replacing the attempt at describing "performing
group membership" here with a link to:

https://www.postgresql.org/docs/current/role-membership.html
Like this:
"Normal roles can exercise these privileges by being added as
member of these group roles as described in <xref>."

There isn't anything about these predefined roles and role membership that
doesn't apply to any other role.

Though skimming that section it seems to need updating along the lines
discussed above.

David J.

← Back to Topics