Greetings,
* Bruce Momjian (bruce@momjian.us) wrote:
> I have committed the first draft of the PG 14 release notes. You can
> see the most current build of them here:
>
> https://momjian.us/pgsql_docs/release-14.html
It occurs to me that the wording around the new default roles could
probably be better. Specifically:
Add predefined roles pg_read_all_data and pg_write_all_data (Stephen Frost)
These non-login roles give read-only/write-only access to all objects.
Might be better as:
These non-login roles give read, or write, access to all tables, views,
and sequences.
(These roles don't actually allow, for example, a function to be
redefined, so saying 'all objects' isn't quite right either.)
While these roles could be used to create a 'read only' or 'write only'
role, they, themselves, do not explicitly convey that on to a role
because they don't do anything to prevent someone from GRANT'ing other
rights to some role which has been GRANT'd these predefined roles. I
don't think anyone on this list thought differently from that, but the
phrasing strikes me as potentially confusing.
Maybe another way would be:
These non-login roles give (only) read, or write, access to all tables,
views, and sequences.
but I don't think saying 'only' there really adds anything and instead
invites confusion.
Thanks!
Stephen