Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1nUlwS-000458-8N for pgsql-docs@arkaria.postgresql.org; Thu, 17 Mar 2022 08:57:08 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.92) (envelope-from ) id 1nUlwQ-0005gQ-7M for pgsql-docs@arkaria.postgresql.org; Thu, 17 Mar 2022 08:57:06 +0000 Received: from makus.postgresql.org ([2001:4800:3e1:1::229]) by malur.postgresql.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1nUlwP-0005gH-Vh for pgsql-docs@lists.postgresql.org; Thu, 17 Mar 2022 08:57:05 +0000 Received: from oss.nttdata.com ([49.212.34.109]) by makus.postgresql.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1nUlwM-0006g1-Ml for pgsql-docs@lists.postgresql.org; Thu, 17 Mar 2022 08:57:04 +0000 Received: from oss.nttdata.com (localhost [127.0.0.1]) by oss.nttdata.com (Postfix) with ESMTPA id 56B75611FA; Thu, 17 Mar 2022 17:56:58 +0900 (JST) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.5 at oss.nttdata.com MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="=_0c492842177957f8d849488bdf14903a" Content-Transfer-Encoding: 7bit Date: Thu, 17 Mar 2022 17:56:58 +0900 From: Shinya Kato To: Swaha Miller Cc: Laurenz Albe , pgsql-docs@lists.postgresql.org Subject: Re: Question about role attributes docs In-Reply-To: References: <1ecdb1ff78e9b03dfce37e85eaca725a@oss.nttdata.com> <746e739062e232ce42a3a8d07ecac1c5@oss.nttdata.com> User-Agent: Roundcube Webmail/1.4.11 Message-ID: X-Sender: Shinya11.Kato@oss.nttdata.com List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk --=_0c492842177957f8d849488bdf14903a Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=US-ASCII; format=flowed On 2022-02-16 06:39, Swaha Miller wrote: > On Tue, Feb 15, 2022 at 1:32 PM Shinya Kato > wrote: > >> On 2022-01-12 02:07, Laurenz Albe wrote: >>> On Tue, 2022-01-11 at 16:40 +0900, Shinya Kato wrote: >>>> I have a question about the documentation on ROLE. >>>> >>>> According to [1], INHERIT and BYPASSRLS can be specified when >>>> executing >>>> the CREATE ROLE command. However, there is no such description in >> Role >>>> Attributes in [2]. Are these concepts different from Role >> Attributes? >>>> Or >>>> are they just not documented? If they need to be documented, I'll >> >>>> create >>>> a patch. >>>> >>>> [1] https://www.postgresql.org/docs/devel/sql-createrole.html >>>> [2] https://www.postgresql.org/docs/devel/role-attributes.html >>> >>> I think that is indeed an omission, and adding documentation would >> be a >>> good idea. >> Thanks! I created the patch, and attached it. >> >>> On the other hand, a lot of that information is more or less >>> a duplicate of the CREATE ROLE documentation. I wonder if the >> latter >>> page could be removed altogether. >> I think there is certainly a lot of overlap. However, I think that >> the >> SQL commands page and the database roles page should exist >> separately, >> and should be maintained as they are because there are parts that do >> not >> overlap (for example, IN ROLE and ADMIN). >> >> -- >> Regards, >> >> -- >> Shinya Kato >> Advanced Computing Technology Center >> Research and Development Headquarters >> NTT DATA CORPORATION > > May I suggest replacing the following verbiage in your patch > + A role is needed to permission to inherit privileges of roles > it is a member of. > + (except for superusers, since those bypass all permission > checks). > + If not specified, INHERIT is the default, > so to create such a role, use either: > > with clearer wording such as the following: > > A role can explicitly be restricted at time of creation from > inheriting privileges of > roles it is a member of (except for superusers, since those bypass all > permission checks.) > Restricting privileges is done by the NOINHERIT > option. > If no option is specified, INHERIT is the default. > So to create a role that inherits > > privileges, use either: > > Regards, > > Swaha Miller > Amazon Web Services Thank you for the review, and sorry for late reply. I fixed it. -- Regards, -- Shinya Kato Advanced Computing Technology Center Research and Development Headquarters NTT DATA CORPORATION --=_0c492842177957f8d849488bdf14903a Content-Transfer-Encoding: base64 Content-Type: text/x-diff; name=v2-add-role-attributes-to-docs.patch Content-Disposition: attachment; filename=v2-add-role-attributes-to-docs.patch; size=2254 ZGlmZiAtLWdpdCBhL2RvYy9zcmMvc2dtbC91c2VyLW1hbmFnLnNnbWwgYi9kb2Mvc3JjL3NnbWwv dXNlci1tYW5hZy5zZ21sCmluZGV4IDkwNjdiZTFkOWMuLmZiOWYzODJjOTIgMTAwNjQ0Ci0tLSBh L2RvYy9zcmMvc2dtbC91c2VyLW1hbmFnLnNnbWwKKysrIGIvZG9jL3NyYy9zZ21sL3VzZXItbWFu YWcuc2dtbApAQCAtMjM2LDYgKzIzNiw0NCBAQCBDUkVBVEUgVVNFUiA8cmVwbGFjZWFibGU+bmFt ZTwvcmVwbGFjZWFibGU+OwogICAgICAgIDwvcGFyYT4KICAgICAgIDwvbGlzdGl0ZW0+CiAgICAg IDwvdmFybGlzdGVudHJ5PgorCisgICAgIDx2YXJsaXN0ZW50cnk+CisgICAgICA8dGVybT5pbmhl cml0YW5jZSBvZiBwcml2aWxlZ2VzPGluZGV4dGVybT48cHJpbWFyeT5yb2xlPC9wcmltYXJ5Pjxz ZWNvbmRhcnk+cHJpdmlsZWdlIHRvIGluaGVyaXQ8L3NlY29uZGFyeT48L2luZGV4dGVybT48L3Rl cm0+CisgICAgICA8bGlzdGl0ZW0+CisgICAgICAgPHBhcmE+CisgICAgICAgIEEgcm9sZSBjYW4g ZXhwbGljaXRseSBiZSByZXN0cmljdGVkIGF0IHRpbWUgb2YgY3JlYXRpb24gZnJvbSBpbmhlcml0 aW5nIHByaXZpbGVnZXMgb2YgCisgICAgICAgIHJvbGVzIGl0IGlzIGEgbWVtYmVyIG9mIChleGNl cHQgZm9yIHN1cGVydXNlcnMsIHNpbmNlIHRob3NlIGJ5cGFzcyBhbGwgcGVybWlzc2lvbiBjaGVj a3MuKQorICAgICAgICBSZXN0cmljdGluZyBwcml2aWxlZ2VzIGlzIGRvbmUgYnkgdGhlIDxsaXRl cmFsPk5PSU5IRVJJVDwvbGl0ZXJhbD4gb3B0aW9uLgorICAgICAgICBJZiBubyBvcHRpb24gaXMg c3BlY2lmaWVkLCA8bGl0ZXJhbD5JTkhFUklUPC9saXRlcmFsPiBpcyB0aGUgZGVmYXVsdC4gU28g dG8gY3JlYXRlIGEgcm9sZSB0aGF0IGluaGVyaXRzCisgICAgICAgIHByaXZpbGVnZXMsIHVzZSBl aXRoZXI6IAorPHByb2dyYW1saXN0aW5nPgorQ1JFQVRFIFJPTEUgPHJlcGxhY2VhYmxlPm5hbWU8 L3JlcGxhY2VhYmxlPiBJTkhFUklUOworQ1JFQVRFIFJPTEUgPHJlcGxhY2VhYmxlPm5hbWU8L3Jl cGxhY2VhYmxlPjsKKzwvcHJvZ3JhbWxpc3Rpbmc+CisgICAgICAgPC9wYXJhPgorICAgICAgPC9s aXN0aXRlbT4KKyAgICAgPC92YXJsaXN0ZW50cnk+CisKKyAgICAgPHZhcmxpc3RlbnRyeT4KKyAg ICAgIDx0ZXJtPmJ5cGFzcyByb3ctbGV2ZWwgc2VjdXJpdHk8aW5kZXh0ZXJtPjxwcmltYXJ5PnJv bGU8L3ByaW1hcnk+PHNlY29uZGFyeT5wcml2aWxlZ2UgdG8gYnlwYXNzPC9zZWNvbmRhcnk+PC9p bmRleHRlcm0+PC90ZXJtPgorICAgICAgPGxpc3RpdGVtPgorICAgICAgIDxwYXJhPgorICAgICAg ICBBIHJvbGUgbXVzdCBiZSBleHBsaWNpdGx5IGdpdmVuIHBlcm1pc3Npb24gdG8gYnlwYXNzIHJv dy1sZXZlbCBzZWN1cml0eSAoUkxTKSBwb2xpY3kuCisgICAgICAgIChleGNlcHQgZm9yIHN1cGVy dXNlcnMsIHNpbmNlIHRob3NlIGJ5cGFzcyBhbGwgcGVybWlzc2lvbiBjaGVja3MpLgorICAgICAg ICBUbyBjcmVhdGUgc3VjaCBhIHJvbGUsIHVzZSA8bGl0ZXJhbD5DUkVBVEUgUk9MRSA8cmVwbGFj ZWFibGU+bmFtZTwvcmVwbGFjZWFibGU+IEJZUEFTU1JMUzwvbGl0ZXJhbD4uCisgICAgICAgPC9w YXJhPgorICAgICAgPC9saXN0aXRlbT4KKyAgICAgPC92YXJsaXN0ZW50cnk+CisKKyAgICAgPHZh cmxpc3RlbnRyeT4KKyAgICAgIDx0ZXJtPmNvbm5lY3Rpb24gbGltaXQ8aW5kZXh0ZXJtPjxwcmlt YXJ5PnJvbGU8L3ByaW1hcnk+PHNlY29uZGFyeT5wcml2aWxlZ2UgdG8gbGltaXQgY29ubmVjdGlv bjwvc2Vjb25kYXJ5PjwvaW5kZXh0ZXJtPjwvdGVybT4KKyAgICAgIDxsaXN0aXRlbT4KKyAgICAg ICA8cGFyYT4KKyAgICAgICAgQ29ubmVjdGlvbiBsaW1pdCBjYW4gc3BlY2lmeSBob3cgbWFueSBj b25jdXJyZW50IGNvbm5lY3Rpb25zIGEgcm9sZSBjYW4gbWFrZS4KKyAgICAgICAgLTEgKHRoZSBk ZWZhdWx0KSBtZWFucyBubyBsaW1pdC4gVG8gY3JlYXRlIHN1Y2ggYSByb2xlLCB1c2UgPGxpdGVy YWw+Q1JFQVRFIFJPTEUgPHJlcGxhY2VhYmxlPm5hbWU8L3JlcGxhY2VhYmxlPiBDT05ORUNUSU9O IExJTUlUPHJlcGxhY2VhYmxlPiBjb25ubGltaXQ8L3JlcGxhY2VhYmxlPiBMT0dJTjwvbGl0ZXJh bD4uCisgICAgICAgPC9wYXJhPgorICAgICAgPC9saXN0aXRlbT4KKyAgICAgPC92YXJsaXN0ZW50 cnk+CiAgICAgPC92YXJpYWJsZWxpc3Q+CiAKICAgICBBIHJvbGUncyBhdHRyaWJ1dGVzIGNhbiBi ZSBtb2RpZmllZCBhZnRlciBjcmVhdGlvbiB3aXRoCg== --=_0c492842177957f8d849488bdf14903a--