On 10.06.20 17:53, Alvaro Herrera wrote:
> On 2020-Jun-10, Laurenz Albe wrote:
>
>> On Tue, 2020-06-09 at 21:34 +0000, PG Doc comments form wrote:
>>> Having read through the documentation on roles/granting I think I more or
>>> less understand how it works, but what isn't really clarified is what the
>>> overall universe of permissions that can be granted looks like. For example
>>> I still didn't realize that to create a schema, you need to "GRANT CREATE"
>>> to the role on the database before the role is allowed to do that. It's hard
>>> to make a mental map of everything that a new role might need when I am
>>> creating it.
>> That would be material for a tutorial rather than a documentation.
> ... but our documentation *does* have a tutorial, which could perhaps
> gain a section about privileges.
>
What permissions issues do users typically struggle with? I personally
have seen no problems in this area. Stephen sends one example; can you
send more examples - or even a short text or a sketch of what you expect
to be in the documentation?
More general: Is it a real problem? My experience is that in most cases
permissions are handled at the application level, not at the database
level. Is it worth to give more details? I don't think so. But it may be
a good idea to follow Stephen's suggestion and put an introductory
summary to the tutorial chapter.
--
Jürgen Purtz