Re: Question about role attributes docs
| От | Shinya Kato |
|---|---|
| Тема | Re: Question about role attributes docs |
| Дата | |
| Msg-id | b1a8deabdc85c0b16043684c2145ab2d@oss.nttdata.com обсуждение исходный текст |
| Ответ на | Re: Question about role attributes docs (Swaha Miller <swaha.miller@gmail.com>) |
| Ответы |
Re: Question about role attributes docs
|
| Список | pgsql-docs |
On 2022-02-16 06:39, Swaha Miller wrote: > On Tue, Feb 15, 2022 at 1:32 PM Shinya Kato > <Shinya11.Kato@oss.nttdata.com> wrote: > >> On 2022-01-12 02:07, Laurenz Albe wrote: >>> On Tue, 2022-01-11 at 16:40 +0900, Shinya Kato wrote: >>>> I have a question about the documentation on ROLE. >>>> >>>> According to [1], INHERIT and BYPASSRLS can be specified when >>>> executing >>>> the CREATE ROLE command. However, there is no such description in >> Role >>>> Attributes in [2]. Are these concepts different from Role >> Attributes? >>>> Or >>>> are they just not documented? If they need to be documented, I'll >> >>>> create >>>> a patch. >>>> >>>> [1] https://www.postgresql.org/docs/devel/sql-createrole.html >>>> [2] https://www.postgresql.org/docs/devel/role-attributes.html >>> >>> I think that is indeed an omission, and adding documentation would >> be a >>> good idea. >> Thanks! I created the patch, and attached it. >> >>> On the other hand, a lot of that information is more or less >>> a duplicate of the CREATE ROLE documentation. I wonder if the >> latter >>> page could be removed altogether. >> I think there is certainly a lot of overlap. However, I think that >> the >> SQL commands page and the database roles page should exist >> separately, >> and should be maintained as they are because there are parts that do >> not >> overlap (for example, IN ROLE and ADMIN). >> >> -- >> Regards, >> >> -- >> Shinya Kato >> Advanced Computing Technology Center >> Research and Development Headquarters >> NTT DATA CORPORATION > > May I suggest replacing the following verbiage in your patch > + A role is needed to permission to inherit privileges of roles > it is a member of. > + (except for superusers, since those bypass all permission > checks). > + If not specified, <literal>INHERIT</literal> is the default, > so to create such a role, use either: > > with clearer wording such as the following: > > A role can explicitly be restricted at time of creation from > inheriting privileges of > roles it is a member of (except for superusers, since those bypass all > permission checks.) > Restricting privileges is done by the <literal>NOINHERIT</literal> > option. > If no option is specified, <literal>INHERIT</literal> is the default. > So to create a role that inherits > > privileges, use either: > > Regards, > > Swaha Miller > Amazon Web Services Thank you for the review, and sorry for late reply. I fixed it. -- Regards, -- Shinya Kato Advanced Computing Technology Center Research and Development Headquarters NTT DATA CORPORATION
Вложения
В списке pgsql-docs по дате отправления: