Re: CREATE/ALTER ROLE with NULL password

On Wed, Nov 21, 2018 at 07:36:59PM +0000, PG Doc comments form wrote:
> The current synopsis for CREATE / ALTER ROLE give one of the allowed options
> as:
> [ ENCRYPTED ] PASSWORD 'password'
> and the current documentation for CREATE ROLE says:
> "The ENCRYPTED keyword has no effect, but is accepted for backwards
> compatibility."

The grammar is still supported, so keeping it documented has no actual
problems until it gets removed, if that happens.  Keeping it is not a
real maintenance burden either.

> I think it might be worth explicitly specifying the password-blanking form
> for both commands as a new option in their synopses, e.g.:
>
> "
> CREATE ROLE name [ [ WITH ] option [ ... ] ]
>
> where option can be:
>
>       SUPERUSER | NOSUPERUSER
>     | CREATEDB | NOCREATEDB
>     ...
>     | [ ENCRYPTED ] PASSWORD 'password' | PASSWORD NULL
>     ...
> "

Yes, that the set of grammar combination supported, as ENCRYPTED
PASSWORD NULL is not possible.

> Also, there is inconsistency of quoting of 'password' in the synopsis for
> CREATE/ALTER ROLE (has quotes) vs. their respective parameters sections (no
> quotes).

Agreed, this should have quotes for consistency.  Any objections with
the attached set of fixes from anybody?
--
Michael