Re: New predefined roles- 'pg_read/write_all_data'
| От | Stephen Frost |
|---|---|
| Тема | Re: New predefined roles- 'pg_read/write_all_data' |
| Дата | |
| Msg-id | 20210827223333.GW17906@tamriel.snowman.net обсуждение исходный текст |
| Ответ на | Re: New predefined roles- 'pg_read/write_all_data' (Michael Banck <michael.banck@credativ.de>) |
| Ответы |
RE: New predefined roles- 'pg_read/write_all_data'
|
| Список | pgsql-hackers |
Greetings, * Michael Banck (michael.banck@credativ.de) wrote: > On Thu, Apr 01, 2021 at 04:00:06PM -0400, Stephen Frost wrote: > > diff --git a/doc/src/sgml/user-manag.sgml b/doc/src/sgml/user-manag.sgml > > index d171b13236..fe0bdb7599 100644 > > --- a/doc/src/sgml/user-manag.sgml > > +++ b/doc/src/sgml/user-manag.sgml > > @@ -518,6 +518,24 @@ DROP ROLE doomed_role; > > </row> > > </thead> > > <tbody> > > + <row> > > + <entry>pg_read_all_data</entry> > > + <entry>Read all data (tables, views, sequences), as if having SELECT > > + rights on those objects, and USAGE rights on all schemas, even without > > + having it explicitly. This role does not have the role attribute > > + <literal>BYPASSRLS</literal> set. If RLS is being used, an administrator > > + may wish to set <literal>BYPASSRLS</literal> on roles which this role is > > + GRANTed to.</entry> > > + </row> > > + <row> > > + <entry>pg_write_all_data</entry> > > + <entry>Write all data (tables, views, sequences), as if having INSERT, > > + UPDATE, and DELETE rights on those objects, and USAGE rights on all > > + schemas, even without having it explicitly. This role does not have the > > + role attribute <literal>BYPASSRLS</literal> set. If RLS is being used, > > + an administrator may wish to set <literal>BYPASSRLS</literal> on roles > > + which this role is GRANTed to.</entry> > > + </row> > > Shouldn't those "SELECT", "INSERT" etc. be wrapped in <command> tags? Yeah, good point, fixed. Thanks! Stephen
Вложения
В списке pgsql-hackers по дате отправления: