public inbox for [email protected]
help / color / mirror / Atom feedFrom: Laurenz Albe <[email protected]>
To: Daniel Gustafsson <[email protected]>
Cc: [email protected]
Cc: pgsql-docs <[email protected]>
Subject: Re: SQL command : ALTER DATABASE OWNER TO
Date: Fri, 26 Jan 2024 12:03:03 +0100
Message-ID: <[email protected]> (raw)
In-Reply-To: <[email protected]>
References: <2023185982.281851219.1646733038464.JavaMail.root@zimbra15-e2.priv.proxad.net>
<[email protected]>
<[email protected]>
<[email protected]>
On Wed, 2024-01-24 at 15:26 +0100, Daniel Gustafsson wrote:
> > On 24 Jan 2024, at 15:23, Laurenz Albe <[email protected]> wrote:
> >
> > On Wed, 2024-01-24 at 11:08 +0100, [email protected] wrote:
> > > for this "ALTER DATABASE" form, it should be mentioned that after execution of the command,
> > > the old database owner loses all his privileges on it (even connection) although it might
> > > still owns schemas or objects (tables, index,...) inside it.
> > >
> > > Thanks in advance to add this important precision.
> >
> > How about this:
> >
> > diff --git a/doc/src/sgml/ddl.sgml b/doc/src/sgml/ddl.sgml
> > index 4044f0908f..44042f863c 100644
> > --- a/doc/src/sgml/ddl.sgml
> > +++ b/doc/src/sgml/ddl.sgml
> > @@ -1891,6 +1891,8 @@ ALTER TABLE <replaceable>table_name</replaceable> OWNER TO <replaceable>new_owne
> > Superusers can always do this; ordinary roles can only do it if they are
> > both the current owner of the object (or inherit the privileges of the
> > owning role) and able to <literal>SET ROLE</literal> to the new owning role.
> > + All object privileges of the old owner are transferred to the new owner
> > + along with the ownership.
> > </para>
>
> Doesn't seem unreasonable to me, it won't make the docs harder to read and use
> for experienced users while it may make them easier to follow for new users.
Here is a patch for this change.
Yours,
Laurenz Albe
Attachments:
[text/x-patch] v1-0001-Document-effects-of-ownership-change-on-privilege.patch (1.2K, 2-v1-0001-Document-effects-of-ownership-change-on-privilege.patch)
download | inline diff:
From 3685b2ce9d921857d629bd20d49b1acfd5f01576 Mon Sep 17 00:00:00 2001
From: Laurenz Albe <[email protected]>
Date: Fri, 26 Jan 2024 12:01:37 +0100
Subject: [PATCH v1] Document effects of ownership change on privileges
Privileges have always been transferred along with the ownership,
but it is a good idea to document that.
Per complaint by Gilles Parc.
Author: Laurenz Albe
Reviewed-by: Daniel Gustafsson, David G. Johnston
Discussion: https://postgr.es/m/2023185982.281851219.1646733038464.JavaMail.root%40zimbra15-e2.priv.proxad.net
---
doc/src/sgml/ddl.sgml | 2 ++
1 file changed, 2 insertions(+)
diff --git a/doc/src/sgml/ddl.sgml b/doc/src/sgml/ddl.sgml
index fc03a349f0..835ebd5a67 100644
--- a/doc/src/sgml/ddl.sgml
+++ b/doc/src/sgml/ddl.sgml
@@ -1893,6 +1893,8 @@ ALTER TABLE <replaceable>table_name</replaceable> OWNER TO <replaceable>new_owne
Superusers can always do this; ordinary roles can only do it if they are
both the current owner of the object (or inherit the privileges of the
owning role) and able to <literal>SET ROLE</literal> to the new owning role.
+ All object privileges of the old owner are transferred to the new owner
+ along with the ownership.
</para>
<para>
--
2.43.0
reply
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Reply to all the recipients using the --to and --cc options:
reply via email
To: [email protected]
Cc: [email protected], [email protected], [email protected], [email protected]
Subject: Re: SQL command : ALTER DATABASE OWNER TO
In-Reply-To: <[email protected]>
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox