Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1qTrGy-00Au0v-UO for pgsql-hackers@arkaria.postgresql.org; Wed, 09 Aug 2023 22:03:21 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.94.2) (envelope-from ) id 1qTrGx-008mZb-BD for pgsql-hackers@arkaria.postgresql.org; Wed, 09 Aug 2023 22:03:19 +0000 Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1qTrGx-008mZT-1p for pgsql-hackers@lists.postgresql.org; Wed, 09 Aug 2023 22:03:19 +0000 Received: from momjian.us ([72.94.173.45]) by magus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1qTrGu-001Yh1-Qu for pgsql-hackers@postgresql.org; Wed, 09 Aug 2023 22:03:18 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=momjian.us; s=2023062407; h=In-Reply-To:Content-Type:MIME-Version:References:Message-ID: Subject:Cc:To:From:Date:Sender:Reply-To:Content-Transfer-Encoding:Content-ID: Content-Description; bh=JDyYEWjCM9kI6WtixJ7GtJXe0GzBubfTF6D9awIPQww=; b=EuMtY NLhM/6ltzKNtOJZHt64C7UELSkpK4hiKRX8thahJ7EfFp8Udt4yth6ivMuCZWLdR6OipdRZACfleD 0QMpVuphgX8NozOX37Z/qp6UaRYCVLgW63r97ZPSHfT4344TZkFAcvmEVh7CByUj3bmiZUT32Gu8f Ufbt4gBB+fUTPqbpYtD7st+rRAA/Rxff2dYGiMeM5Tljxx7ngaO/M59uezMVQKwbGFRf4JZbf7LjK 2eL+QMwDrs/A5ci0bmjQjx5pYkrGWOVGrZMm0sSQkZrfM35RFRB4hWFFUJsfNledjjCbdZhY1qhD4 M1fLOQ86RsR4C+ATqZpSI4b73guAA==; Received: from bruce by momjian.us with local (Exim 4.96) (envelope-from ) id 1qTrGt-00CVF1-1Z; Wed, 09 Aug 2023 18:03:15 -0400 Date: Wed, 9 Aug 2023 18:03:15 -0400 From: Bruce Momjian To: Noah Misch Cc: PostgreSQL-development Subject: Re: PG 16 draft release notes ready Message-ID: References: <20230805230847.GA1370050@rfd.leadboat.com> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="+hTkCZJVMY4qVXhF" Content-Disposition: inline In-Reply-To: <20230805230847.GA1370050@rfd.leadboat.com> List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk --+hTkCZJVMY4qVXhF Content-Type: text/plain; charset=us-ascii Content-Disposition: inline On Sat, Aug 5, 2023 at 04:08:47PM -0700, Noah Misch wrote: > On Thu, May 18, 2023 at 04:49:47PM -0400, Bruce Momjian wrote: > > https://momjian.us/pgsql_docs/release-16.html > > > > > > > > > > > Restrict the privileges of CREATEROLE roles (Robert Haas) > > > > > > > > Previously roles with CREATEROLE privileges could change many aspects of any non-superuser role. Such changes, including adding members, now require the role requesting the change to have ADMIN OPTION > > permission. > > > > > > > > > > > > > > > > Improve logic of CREATEROLE roles ability to control other roles (Robert Haas) > > > > > > > > For example, they can change the CREATEDB, REPLICATION, and BYPASSRLS properties only if they also have those permissions. > > > > > > CREATEROLE is a radically different feature in v16. In v15-, it was an > almost-superuser. In v16, informally speaking, it can create and administer > its own collection of roles, but it can't administer roles outside its > collection or grant memberships or permissions not offered to itself. Hence, > let's move these two into the incompatibilities section. Let's also merge > them, since f1358ca52 is just doing to clauses like CREATEDB what cf5eb37c5 > did to role memberships. Good point. I have adjusted this item with the attached patch. -- Bruce Momjian https://momjian.us EDB https://enterprisedb.com Only you can decide what is important to you. --+hTkCZJVMY4qVXhF Content-Type: text/x-diff; charset=us-ascii Content-Disposition: attachment; filename="rel.diff" diff --git a/doc/src/sgml/release-16.sgml b/doc/src/sgml/release-16.sgml index 1213f876f4..cccdc01d11 100644 --- a/doc/src/sgml/release-16.sgml +++ b/doc/src/sgml/release-16.sgml @@ -244,6 +244,24 @@ Collations and locales can vary between databases so having them as read-only se + + + + +Restrict the privileges of CREATEROLE and its ability to modify other roles (Robert Haas) + + + +Previously roles with CREATEROLE privileges could change many aspects of any non-superuser role. Such changes, including adding members, now require the role requesting the change to have ADMIN OPTION +permission. For example, they can now change the CREATEDB, REPLICATION, and BYPASSRLS properties only if they also have those permissions. + + + - - - -Restrict the privileges of CREATEROLE roles (Robert Haas) - - - -Previously roles with CREATEROLE privileges could change many aspects of any non-superuser role. Such changes, including adding members, now require the role requesting the change to have ADMIN OPTION -permission. - - - - - - - -Improve logic of CREATEROLE roles ability to control other roles (Robert Haas) - - - -For example, they can change the CREATEDB, REPLICATION, and BYPASSRLS properties only if they also have those permissions. - - -