Re: PG 14 release notes, first draft
From | Stephen Frost |
---|---|
Subject | Re: PG 14 release notes, first draft |
Date | |
Msg-id | 20210522232945.GO20766@tamriel.snowman.net |
In reply to | PG 14 release notes, first draft (Bruce Momjian <bruce@momjian.us>) |
Responses | Re: PG 14 release notes, first draft |
List | pgsql-hackers |

Greetings,

* Bruce Momjian (bruce@momjian.us) wrote:
> I have committed the first draft of the PG 14 release notes. You can
> see the most current build of them here:
>
> https://momjian.us/pgsql_docs/release-14.html

It occurs to me that the wording around the new default roles could probably be better. Specifically:

Add predefined roles pg_read_all_data and pg_write_all_data (Stephen Frost)

These non-login roles give read-only/write-only access to all objects.

Might be better as:

These non-login roles give read, or write, access to all tables, views, and sequences.

(These roles don't actually allow, for example, a function to be redefined, so saying 'all objects' isn't quite right either.)

While these roles could be used to create a 'read only' or 'write only' role, they, themselves, do not explicitly convey that on to a role because they don't do anything to prevent someone from GRANT'ing other rights to some role which has been GRANT'd these predefined roles. I don't think anyone on this list thought differently from that, but the phrasing strikes me as potentially confusing.

Maybe another way would be:

These non-login roles give (only) read, or write, access to all tables, views, and sequences.

but I don't think saying 'only' there really adds anything and instead invites confusion.

Thanks!

Stephen