public inbox for [email protected]  
From: PG Doc comments form <[email protected]>
To: [email protected]
Cc: [email protected]
Subject: Misleading sentence about default privileges
Date: Thu, 17 Jun 2021 09:07:11 +0000
Message-ID: <[email protected]> (raw)

The following documentation comment has been logged on the website:

Page: https://www.postgresql.org/docs/10/sql-alterdefaultprivileges.html
Description:

In the docs
(https://www.postgresql.org/docs/10/sql-alterdefaultprivileges.html) it
states:

> You can change default privileges only for objects that will be created by
> yourself or by roles that you are a member of.

Yet altering the default privileges `for role`s that I am a member of
(i.e. `target_role` in the docs) does not affect privileges granted on objects
created by other members of said role.

Seeing as separating Users (roles with log-in privilege) from Roles
(containing concrete grants, unable to log in) seems a common and
recommendable pattern, I believe the statement is quite misleading.

For an example of expected behaviour, see this Stack Overflow question:
https://stackoverflow.com/questions/56237907/why-doesnt-alter-default-privileges-work-as-expected

The only scenario I can think of where the statement makes sense seems quite
foreign to me: 
Scenario: I, say `role_a`, have log-in, and am also a member of another
Role, say `role_b`, which also has login. Only objects created directly by
`role_b` (i.e. not any of its members) are affected.

I suggest adding something like the following to the documentation:

"Note that only objects created directly by _*target_role*_, i.e. not any
of its members, will have privileges granted."
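
The behaviour reported above can be reproduced with the following script, an added example that is not part of the original message or of the PostgreSQL documentation. The role, schema and table names are hypothetical, and it assumes a superuser session in a scratch database. The second case (the member switching to the target role with SET ROLE before creating the table) goes beyond what the message states and relies on standard PostgreSQL ownership rules.

```sql
-- Constructed demo: app_owner, alice, reader, demo and the table names are
-- hypothetical. Everything runs in one transaction and is rolled back.
BEGIN;

CREATE ROLE app_owner NOLOGIN;               -- group role that carries the grants
CREATE ROLE alice LOGIN IN ROLE app_owner;   -- login role, member of app_owner
CREATE ROLE reader NOLOGIN;                  -- role that should get SELECT

CREATE SCHEMA demo;
GRANT USAGE, CREATE ON SCHEMA demo TO app_owner;
GRANT USAGE ON SCHEMA demo TO reader;

-- Default privileges are stored for the creating role app_owner only.
ALTER DEFAULT PRIVILEGES FOR ROLE app_owner IN SCHEMA demo
    GRANT SELECT ON TABLES TO reader;

-- Case 1: alice creates the table as herself. She inherits CREATE on the
-- schema from app_owner, but the new table is owned by alice, so the
-- app_owner default-privilege entry is not consulted.
SET SESSION AUTHORIZATION alice;
CREATE TABLE demo.t_by_member (id int);

-- Case 2: alice switches to the target role first. The table is then
-- created (and owned) by app_owner, so the default privileges apply.
SET ROLE app_owner;
CREATE TABLE demo.t_by_target (id int);
RESET ROLE;
RESET SESSION AUTHORIZATION;

-- Compare owner and effective SELECT privilege of reader on both tables.
SELECT c.relname,
       pg_get_userbyid(c.relowner)                    AS owner,
       has_table_privilege('reader', c.oid, 'SELECT') AS reader_can_select
FROM pg_class c
WHERE c.relnamespace = 'demo'::regnamespace
  AND c.relkind = 'r'
ORDER BY c.relname;

-- Audit view of the stored entries: defaclrole is the creating role the
-- entry is keyed on, not the set of roles that are members of it.
SELECT pg_get_userbyid(defaclrole) AS for_role, defaclobjtype, defaclacl
FROM pg_default_acl;

ROLLBACK;
```

When reviewing an existing database, the `pg_default_acl` query is the quickest check of which creating roles actually have default privileges defined.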

