Re: Question about role attributes docs

On 2022-07-23 00:35, Fujii Masao wrote:
> On 2022/03/17 17:56, Shinya Kato wrote:
>> Thank you for the review, and sorry for late reply.
>> I fixed it.
> 
> Thanks for updating the patch!
Thank you for the review!


> I found that the patch has two trailing whitespaces.
Sorry, I fixed them.


> +        A role can explicitly be restricted at time of creation from
> inheriting privileges of
> +        roles it is a member of (except for superusers, since those
> bypass all permission checks.)
> +        Restricting privileges is done by the
> <literal>NOINHERIT</literal> option.
> +        If no option is specified, <literal>INHERIT</literal> is the
> default. So to create a role that inherits
> +        privileges, use either:
> 
> It sounds strange to me that restriction of inheritance is explained
> at the beginning. Instead, something like the following is more
> intuitive and easy-to-understand to users?
> 
> ------------------------
> A role is given permission to inherit the privileges of roles it is a
> member of, by default. However, to create a role without the
> permission, use CREATE ROLE name NOINHERIT.
> ------------------------
> 
> +        A role must be explicitly given permission to bypass
> row-level security (RLS) policy.
> +        (except for superusers, since those bypass all permission 
> checks).
> 
> Like CREATE ROLE docs does, isn't it better to add "every" just before
> "row-level"?
> 
> A dot just between "policy" and "(except" should be removed.
> 
> +      <term>bypass row-level
> security<indexterm><primary>role</primary><secondary>privilege to
> bypass</secondary></indexterm></term>
> 
> "bypass" should be "bypassing" or something because a noun is used for
> each entry title in other places?
> 
> +        To create such a role, use <literal>CREATE ROLE
> <replaceable>name</replaceable> BYPASSRLS</literal>.
> 
> Isn't it better to add "as a superuser" just after
> "BYPASSRLS</literal>" because only a superuser can create a new role
> having the BYPASSRLS attribute?
> 
> +        -1 (the default) means no limit. To create such a role, use
> <literal>CREATE ROLE <replaceable>name</replaceable> CONNECTION
> LIMIT<replaceable> connlimit</replaceable> LOGIN</literal>.
> 
> "To create such a role" sounds odd to me in this context. Instead, how
> about something like "Specify connection limit upon role creation with
> CREATE ROLE name CONNECTION LIMIT 'integer'."?
I agree with what you say. I fixed everything.


-- 
Regards,

--
Shinya Kato
Advanced Computing Technology Center
Research and Development Headquarters
NTT DATA CORPORATION