Обсуждение: wrong statement in the https://www.postgresql.org/docs/current/predefined-roles.html

Поиск
Список
Период
Сортировка

wrong statement in the https://www.postgresql.org/docs/current/predefined-roles.html

От
PG Doc comments form
Дата:
The following documentation comment has been logged on the website:

Page: https://www.postgresql.org/docs/14/predefined-roles.html
Description:

Page: https://www.postgresql.org/docs/current/predefined-roles.html
Wrong statement: "Administrators (including roles that have the CREATEROLE
privilege) can GRANT these roles to users and/or other roles in their
environment, providing those users with access to the specified capabilities
and information."
Suggested statement: "SUPERUSER or roles granted with the ADMIN option on
the particular predifined roles can GRANT these roles other roles, providing
those users with access to the specified capabilities and information."
Testcase:
postgres=> create role bob;
CREATE ROLE
postgres=> grant pg_checkpoint to bob;
ERROR:  permission denied to grant role "pg_checkpoint"
DETAIL:  Only roles with the ADMIN option on role "pg_checkpoint" may grant
this role.
postgres=> grant pg_create_subscription to bob;
ERROR:  permission denied to grant role "pg_create_subscription"
DETAIL:  Only roles with the ADMIN option on role "pg_create_subscription"
may grant this role.

Re: wrong statement in the https://www.postgresql.org/docs/current/predefined-roles.html

От
Laurenz Albe
Дата:
On Thu, 2025-06-12 at 08:19 +0000, PG Doc comments form wrote:
> The following documentation comment has been logged on the website:
>
> Page: https://www.postgresql.org/docs/14/predefined-roles.html
> Description:
>
> Page: https://www.postgresql.org/docs/current/predefined-roles.html
> Wrong statement: "Administrators (including roles that have the CREATEROLE
> privilege) can GRANT these roles to users and/or other roles in their
> environment, providing those users with access to the specified capabilities
> and information."
> Suggested statement: "SUPERUSER or roles granted with the ADMIN option on
> the particular predifined roles can GRANT these roles other roles, providing
> those users with access to the specified capabilities and information."
> Testcase:
> postgres=> create role bob;
> CREATE ROLE
> postgres=> grant pg_checkpoint to bob;
> ERROR:  permission denied to grant role "pg_checkpoint"
> DETAIL:  Only roles with the ADMIN option on role "pg_checkpoint" may grant
> this role.
> postgres=> grant pg_create_subscription to bob;
> ERROR:  permission denied to grant role "pg_create_subscription"
> DETAIL:  Only roles with the ADMIN option on role "pg_create_subscription"
> may grant this role.

+1

That looks like a clear oversight.

Yours,
Laurenz Albe