Received: from malur.postgresql.org ([217.196.149.56])
	by arkaria.postgresql.org with esmtps
 (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256)
	(Exim 4.92)
	(envelope-from <pgsql-docs-owner+archive@lists.postgresql.org>)
	id 1oFonC-0006N9-0e
	for pgsql-docs@arkaria.postgresql.org; Mon, 25 Jul 2022 03:30:02 +0000
Received: from localhost ([127.0.0.1] helo=malur.postgresql.org)
	by malur.postgresql.org with esmtp (Exim 4.92)
	(envelope-from <pgsql-docs-owner+archive@lists.postgresql.org>)
	id 1oFonA-000872-KV
	for pgsql-docs@arkaria.postgresql.org; Mon, 25 Jul 2022 03:30:00 +0000
Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29])
	by malur.postgresql.org with esmtps (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256)
	(Exim 4.92)
	(envelope-from <Shinya11.Kato@oss.nttdata.com>)
	id 1oFonA-00086o-Cp
	for pgsql-docs@lists.postgresql.org; Mon, 25 Jul 2022 03:30:00 +0000
Received: from oss.nttdata.com ([49.212.34.109])
	by magus.postgresql.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
	(Exim 4.92)
	(envelope-from <Shinya11.Kato@oss.nttdata.com>)
	id 1oFon8-0005zF-6b
	for pgsql-docs@lists.postgresql.org; Mon, 25 Jul 2022 03:30:00 +0000
Received: from oss.nttdata.com (localhost [127.0.0.1])
	by oss.nttdata.com (Postfix) with ESMTPA id 4719E60538;
	Mon, 25 Jul 2022 12:29:54 +0900 (JST)
X-Virus-Status: Clean
X-Virus-Scanned: clamav-milter 0.103.6 at oss.nttdata.com
MIME-Version: 1.0
Content-Type: multipart/mixed;
 boundary="=_72eae281217b775805d039c32386f525"
Content-Transfer-Encoding: 7bit
Date: Mon, 25 Jul 2022 12:29:54 +0900
From: Shinya Kato <Shinya11.Kato@oss.nttdata.com>
To: Fujii Masao <masao.fujii@oss.nttdata.com>
Cc: Swaha Miller <swaha.miller@gmail.com>, Laurenz Albe
 <laurenz.albe@cybertec.at>, pgsql-docs@lists.postgresql.org
Subject: Re: Question about role attributes docs
In-Reply-To: <d2f9d8d9-83aa-061a-7178-6ef79ac3d8ad@oss.nttdata.com>
References: <1ecdb1ff78e9b03dfce37e85eaca725a@oss.nttdata.com>
 <c71810096d7b05dabfa051a37f9fc6b1157dd56f.camel@cybertec.at>
 <746e739062e232ce42a3a8d07ecac1c5@oss.nttdata.com>
 <CAPXknY4aqZZA34OPojPstXSpK8SSCGUt8aSZ_V5UE-Gt+6At6g@mail.gmail.com>
 <b1a8deabdc85c0b16043684c2145ab2d@oss.nttdata.com>
 <d2f9d8d9-83aa-061a-7178-6ef79ac3d8ad@oss.nttdata.com>
User-Agent: Roundcube Webmail/1.4.11
Message-ID: <cab04e92a8c5f86d8f8f34de1a940743@oss.nttdata.com>
X-Sender: Shinya11.Kato@oss.nttdata.com
List-Id: <pgsql-docs.lists.postgresql.org>
List-Help: <https://lists.postgresql.org/manage/>
List-Subscribe: <https://lists.postgresql.org/manage/>
List-Post: <mailto:pgsql-docs@lists.postgresql.org>
List-Owner: <mailto:pgsql-docs-owner@lists.postgresql.org>
List-Archive: <https://www.postgresql.org/list/pgsql-docs>
Archived-At: 
 <https://www.postgresql.org/message-id/cab04e92a8c5f86d8f8f34de1a940743%40oss.nttdata.com>
Precedence: bulk

--=_72eae281217b775805d039c32386f525
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset=US-ASCII;
 format=flowed

On 2022-07-23 00:35, Fujii Masao wrote:
> On 2022/03/17 17:56, Shinya Kato wrote:
>> Thank you for the review, and sorry for late reply.
>> I fixed it.
> 
> Thanks for updating the patch!
Thank you for the review!


> I found that the patch has two trailing whitespaces.
Sorry, I fixed them.


> +        A role can explicitly be restricted at time of creation from
> inheriting privileges of
> +        roles it is a member of (except for superusers, since those
> bypass all permission checks.)
> +        Restricting privileges is done by the
> <literal>NOINHERIT</literal> option.
> +        If no option is specified, <literal>INHERIT</literal> is the
> default. So to create a role that inherits
> +        privileges, use either:
> 
> It sounds strange to me that restriction of inheritance is explained
> at the beginning. Instead, something like the following is more
> intuitive and easy-to-understand to users?
> 
> ------------------------
> A role is given permission to inherit the privileges of roles it is a
> member of, by default. However, to create a role without the
> permission, use CREATE ROLE name NOINHERIT.
> ------------------------
> 
> +        A role must be explicitly given permission to bypass
> row-level security (RLS) policy.
> +        (except for superusers, since those bypass all permission 
> checks).
> 
> Like CREATE ROLE docs does, isn't it better to add "every" just before
> "row-level"?
> 
> A dot just between "policy" and "(except" should be removed.
> 
> +      <term>bypass row-level
> security<indexterm><primary>role</primary><secondary>privilege to
> bypass</secondary></indexterm></term>
> 
> "bypass" should be "bypassing" or something because a noun is used for
> each entry title in other places?
> 
> +        To create such a role, use <literal>CREATE ROLE
> <replaceable>name</replaceable> BYPASSRLS</literal>.
> 
> Isn't it better to add "as a superuser" just after
> "BYPASSRLS</literal>" because only a superuser can create a new role
> having the BYPASSRLS attribute?
> 
> +        -1 (the default) means no limit. To create such a role, use
> <literal>CREATE ROLE <replaceable>name</replaceable> CONNECTION
> LIMIT<replaceable> connlimit</replaceable> LOGIN</literal>.
> 
> "To create such a role" sounds odd to me in this context. Instead, how
> about something like "Specify connection limit upon role creation with
> CREATE ROLE name CONNECTION LIMIT 'integer'."?
I agree with what you say. I fixed everything.


-- 
Regards,

--
Shinya Kato
Advanced Computing Technology Center
Research and Development Headquarters
NTT DATA CORPORATION
--=_72eae281217b775805d039c32386f525
Content-Transfer-Encoding: base64
Content-Type: text/x-diff;
 name=v3-add-role-attributes-to-docs.patch
Content-Disposition: attachment;
 filename=v3-add-role-attributes-to-docs.patch;
 size=1986

ZGlmZiAtLWdpdCBhL2RvYy9zcmMvc2dtbC91c2VyLW1hbmFnLnNnbWwgYi9kb2Mvc3JjL3NnbWwv
dXNlci1tYW5hZy5zZ21sCmluZGV4IDZlYWFhYTM2YjguLjU0Y2IyNTNkOTUgMTAwNjQ0Ci0tLSBh
L2RvYy9zcmMvc2dtbC91c2VyLW1hbmFnLnNnbWwKKysrIGIvZG9jL3NyYy9zZ21sL3VzZXItbWFu
YWcuc2dtbApAQCAtMjM2LDYgKzIzNiwzOSBAQCBDUkVBVEUgVVNFUiA8cmVwbGFjZWFibGU+bmFt
ZTwvcmVwbGFjZWFibGU+OwogICAgICAgIDwvcGFyYT4KICAgICAgIDwvbGlzdGl0ZW0+CiAgICAg
IDwvdmFybGlzdGVudHJ5PgorCisgICAgIDx2YXJsaXN0ZW50cnk+CisgICAgICA8dGVybT5pbmhl
cml0YW5jZSBvZiBwcml2aWxlZ2VzPGluZGV4dGVybT48cHJpbWFyeT5yb2xlPC9wcmltYXJ5Pjxz
ZWNvbmRhcnk+cHJpdmlsZWdlIHRvIGluaGVyaXQ8L3NlY29uZGFyeT48L2luZGV4dGVybT48L3Rl
cm0+CisgICAgICA8bGlzdGl0ZW0+CisgICAgICAgPHBhcmE+CisgICAgICAgIEEgcm9sZSBpcyBn
aXZlbiBwZXJtaXNzaW9uIHRvIGluaGVyaXQgdGhlIHByaXZpbGVnZXMgb2Ygcm9sZXMgaXQgaXMg
YQorICAgICAgICBtZW1iZXIgb2YsIGJ5IGRlZmF1bHQuIEhvd2V2ZXIsIHRvIGNyZWF0ZSBhIHJv
bGUgd2l0aG91dCB0aGUgcGVybWlzc2lvbiwKKyAgICAgICAgdXNlIDxsaXRlcmFsPkNSRUFURSBS
T0xFIDxyZXBsYWNlYWJsZT5uYW1lPC9yZXBsYWNlYWJsZT4gTk9JTkhFUklUPC9saXRlcmFsPi4K
KyAgICAgICA8L3BhcmE+CisgICAgICA8L2xpc3RpdGVtPgorICAgICA8L3Zhcmxpc3RlbnRyeT4K
KworICAgICA8dmFybGlzdGVudHJ5PgorICAgICAgPHRlcm0+YnlwYXNzaW5nIHJvdy1sZXZlbCBz
ZWN1cml0eTxpbmRleHRlcm0+PHByaW1hcnk+cm9sZTwvcHJpbWFyeT48c2Vjb25kYXJ5PnByaXZp
bGVnZSB0byBieXBhc3M8L3NlY29uZGFyeT48L2luZGV4dGVybT48L3Rlcm0+CisgICAgICA8bGlz
dGl0ZW0+CisgICAgICAgPHBhcmE+CisgICAgICAgIEEgcm9sZSBtdXN0IGJlIGV4cGxpY2l0bHkg
Z2l2ZW4gcGVybWlzc2lvbiB0byBieXBhc3MgZXZlcnkgcm93LWxldmVsIHNlY3VyaXR5IChSTFMp
IHBvbGljeQorICAgICAgICAoZXhjZXB0IGZvciBzdXBlcnVzZXJzLCBzaW5jZSB0aG9zZSBieXBh
c3MgYWxsIHBlcm1pc3Npb24gY2hlY2tzKS4KKyAgICAgICAgVG8gY3JlYXRlIHN1Y2ggYSByb2xl
LCB1c2UgPGxpdGVyYWw+Q1JFQVRFIFJPTEUgPHJlcGxhY2VhYmxlPm5hbWU8L3JlcGxhY2VhYmxl
PiBCWVBBU1NSTFM8L2xpdGVyYWw+IGFzIGEgc3VwZXJ1c2VyLgorICAgICAgIDwvcGFyYT4KKyAg
ICAgIDwvbGlzdGl0ZW0+CisgICAgIDwvdmFybGlzdGVudHJ5PgorCisgICAgIDx2YXJsaXN0ZW50
cnk+CisgICAgICA8dGVybT5jb25uZWN0aW9uIGxpbWl0PGluZGV4dGVybT48cHJpbWFyeT5yb2xl
PC9wcmltYXJ5PjxzZWNvbmRhcnk+cHJpdmlsZWdlIHRvIGxpbWl0IGNvbm5lY3Rpb248L3NlY29u
ZGFyeT48L2luZGV4dGVybT48L3Rlcm0+CisgICAgICA8bGlzdGl0ZW0+CisgICAgICAgPHBhcmE+
CisgICAgICAgIENvbm5lY3Rpb24gbGltaXQgY2FuIHNwZWNpZnkgaG93IG1hbnkgY29uY3VycmVu
dCBjb25uZWN0aW9ucyBhIHJvbGUgY2FuIG1ha2UuCisgICAgICAgIC0xICh0aGUgZGVmYXVsdCkg
bWVhbnMgbm8gbGltaXQuIFNwZWNpZnkgY29ubmVjdGlvbiBsaW1pdCB1cG9uIHJvbGUgY3JlYXRp
b24gd2l0aAorICAgICAgICA8bGl0ZXJhbD5DUkVBVEUgUk9MRSA8cmVwbGFjZWFibGU+bmFtZTwv
cmVwbGFjZWFibGU+IENPTk5FQ1RJT04gTElNSVQgJzxyZXBsYWNlYWJsZT5pbnRlZ2VyPC9yZXBs
YWNlYWJsZT4nPC9saXRlcmFsPi4KKyAgICAgICA8L3BhcmE+CisgICAgICA8L2xpc3RpdGVtPgor
ICAgICA8L3Zhcmxpc3RlbnRyeT4KICAgICA8L3ZhcmlhYmxlbGlzdD4KIAogICAgIEEgcm9sZSdz
IGF0dHJpYnV0ZXMgY2FuIGJlIG1vZGlmaWVkIGFmdGVyIGNyZWF0aW9uIHdpdGgK
--=_72eae281217b775805d039c32386f525--