Received: from malur.postgresql.org ([2a02:16a8:dc51::56]) by arkaria.postgresql.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_CBC_SHA384:256) (Exim 4.89) (envelope-from ) id 1ft8Zu-0005JG-Kd for pgsql-docs@arkaria.postgresql.org; Fri, 24 Aug 2018 09:40:26 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.89) (envelope-from ) id 1ft8Zs-0007WL-TZ for pgsql-docs@arkaria.postgresql.org; Fri, 24 Aug 2018 09:40:24 +0000 Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29]) by malur.postgresql.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_CBC_SHA384:256) (Exim 4.89) (envelope-from ) id 1ft8Zs-0007WC-O4 for pgsql-docs@lists.postgresql.org; Fri, 24 Aug 2018 09:40:24 +0000 Received: from mout.kundenserver.de ([212.227.126.131]) by magus.postgresql.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_CBC_SHA1:256) (Exim 4.89) (envelope-from ) id 1ft8Zq-0002LM-9P for pgsql-docs@lists.postgresql.org; Fri, 24 Aug 2018 09:40:24 +0000 Received: from [192.168.178.23] ([89.12.2.247]) by mrelayeu.kundenserver.de (mreue004 [212.227.15.167]) with ESMTPSA (Nemesis) id 0MhPzK-1fWV7p3y1y-00MZVb for ; Fri, 24 Aug 2018 11:40:20 +0200 Subject: Re: "System roles" mentioned in psql documentation To: pgsql-docs@lists.postgresql.org References: <20180823075800.GA30782@paquier.xyz> <753d785e-2d9c-16b1-5430-61ce9027cea3@purtz.de> <20180824002111.GE30782@paquier.xyz> From: =?UTF-8?Q?J=c3=bcrgen_Purtz?= Message-ID: <5409a8d0-5c29-3956-bb06-025b82fc3b56@purtz.de> Date: Fri, 24 Aug 2018 11:40:19 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.9.1 MIME-Version: 1.0 In-Reply-To: <20180824002111.GE30782@paquier.xyz> Content-Type: text/plain; charset=windows-1252; format=flowed Content-Transfer-Encoding: 8bit Content-Language: en-GB X-Provags-ID: V03:K1:XCL3QRMd+6B68HWKgLuh5MQjG9ehWao6R8dUfcvkc8PXYU7YB2r mKtJcbvhp3ClT9M0Vy8A/sQlgCDuDEm6XHgbEVX3PwMMcfu1mfCv6OqZkA0z83xylTiMb7z wScc//jl8YsFaEgY9bqWw7H3ajcHqcQw3yHoQ9XaWZUrXkLclp7MkjK6i3dxrOIp84nSEo9 pXjOmwIkm069vZTHI+XDA== X-UI-Out-Filterresults: notjunk:1;V01:K0:k1onJyHlrhE=:Yi/VIN3bTAoc7UYIb594pW 4uH82xsIaR+5b4hjIJFnfjm93hOaMjR3EclccVJPTeRGMeQNWHxOFm1VcDsRoRuWsrnLsj5jr grV8+uhowdQC2IEaRMa4Bp4L3zsD7wu8vt4He7h3JSTjWf47bN0VqN5onBnexrmAUNEqJxphU tEo1+tGu21x/hS7NMrktTdbD3k9DG3YctAOFMA8VO5Vz/cY0L9ceOKR2T8qu9uiwemsivh7+s VGHFykeaCy4PkDjkZrmP1l4IPdVJidPO54dpK2NCWkC/Dd+bfF/Wy2RssOpP4ZRiKa/LTtFAQ H5ZexcJ5MRDqLIjAFmUNA/aCfC/pI5NqdWTrj0oPwzDuQLpzwqS4ObjheJiNl9c9VPNFFaOSz gELsK9tEIavSWkg4+qi4Fx/P/eWIuOF9bswDeAuZDPpZ09GBKKNTiQcB+zYp6cOI1xLzohu3G jt504X0CKxmRFWnsMolnXBjrvA1VSzws29/LxJSeQY9J9YkcqDh2wLiSAVJfSaVFEVKtdIbTU 7sZO3yjPC+wxN1t6/Y23JQxeYvvdrH50tGKC6LrOImNGGufDhXI4wUQuP+aOW9ZSIQxIG+xP3 HRDf013Za4bcWlQDkSu3/eUD3+IiPD/LeJxTV8QqDe0GVX2J2uhUdjpaBVR31rnAHgZxeQUZ3 N6U1L9cQ1crbTT9ZjNlauAKBLERfG60sjogsjDMYd7wvSIcuCjBEf0Ngk8ZUwSKgzrR8CUfBX vojQGvDC28TgCyB5 List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Precedence: bulk On 24.08.2018 02:21, Michael Paquier wrote: > On Thu, Aug 23, 2018 at 10:53:35AM +0200, Jürgen Purtz wrote: >> This inconsistency is part of the more general problem that we miss a >> chapter, where our basic terms like 'database', 'cluster', 'segment', >> 'catalog', 'schema', ... are explicitly defined. > You may have a point here, not in the way of reworking entirely the > documentation, but in the fact that we may want to use "system objects" > instead of "system roles". I am not personally sure that it is a better > improvement than using "default roles", but that's a point to raise. > -- > Michael First, the intention of my note was to improve the complete documentation by defining the meaning of important terms in a separate chapter. The discussion about "system roles" and "default roles" is only one of many points where we use terms in a fuzzy way. Second (and this seems to be the point of your mail), the term "role" is loosely described at the beginning of chapter 21 "A role can be thought of as either a database user, or ... ". In contrast to this description chapter 21.5 and table 21.1. use the term "role" very differently. Here it is used in the sense of a "capability", a "right", a "permission", an "allowed access" ... . This cumulates in the example at the bottom: "GRANT pg_signal_backend TO admin_user;"  What is the "role", the "pg_signal_backend" or the "admin_user"? Kind regards Jürgen Purtz