public inbox for [email protected]
help / color / mirror / Atom feedFrom: Laurenz Albe <[email protected]>
To: David Burns <[email protected]>
To: [email protected] <[email protected]>
Subject: Re: Version 14/15 documentation Section "Alter Default Privileges"
Date: Fri, 04 Nov 2022 10:49:42 +0100
Message-ID: <[email protected]> (raw)
In-Reply-To: <[email protected]>
References: <LV2PR12MB5725F7C1B8EB2FC38829F276E7399@LV2PR12MB5725.namprd12.prod.outlook.com>
<[email protected]>
On Thu, 2022-11-03 at 11:32 +0100, Laurenz Albe wrote:
> On Wed, 2022-11-02 at 19:29 +0000, David Burns wrote:
> > To Whom It May Concern;
>
> It concerns me, because I often see questions from people who misunderstand this.
>
> > Some additional clarity in the versions 14/15 documentation would be helpful specifically
> > surrounding the "target_role" clause for the ALTER DEFAULT PRIVILEGES command.
> > To the uninitiated, the current description seems vague. Maybe something like the following would help:
> >
> > target_role
> > The name of an existing role of which the current role is a member.
> > Default privileges are only applied to objects created by the targeted role/user (FOR ROLE target_role).
> > If the FOR ROLE clause is omitted, the targeted user defaults to the current user executing the
> > ALTER DEFAULT PRIVILEGES command.
>
> +1
After some more thinking, I came up with the attached patch.
Yours,
Laurenz Albe
Attachments:
[text/x-patch] 0001-Improve-ALTER-DEFAULT-PRIVILEGES-documentation.patch (1.4K, ../[email protected]/2-0001-Improve-ALTER-DEFAULT-PRIVILEGES-documentation.patch)
download | inline diff:
From 5f7e664ba6fea08dd5cac0c1c71a0ee77522d7c3 Mon Sep 17 00:00:00 2001
From: Laurenz Albe <[email protected]>
Date: Fri, 4 Nov 2022 10:48:38 +0100
Subject: [PATCH] Improve ALTER DEFAULT PRIVILEGES documentation
Clarify that default privileges are only applied to objects
created by the target role. This has been a frequent source
of misunderstandings.
Author: Laurenz Albe, per request from David Burns
Discussion: https://postgr.es/m/LV2PR12MB5725F7C1B8EB2FC38829F276E7399%40LV2PR12MB5725.namprd12.prod.outlook.com
---
doc/src/sgml/ref/alter_default_privileges.sgml | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/doc/src/sgml/ref/alter_default_privileges.sgml b/doc/src/sgml/ref/alter_default_privileges.sgml
index f1d54f5aa3..fcff17e642 100644
--- a/doc/src/sgml/ref/alter_default_privileges.sgml
+++ b/doc/src/sgml/ref/alter_default_privileges.sgml
@@ -138,6 +138,11 @@ REVOKE [ GRANT OPTION FOR ]
<para>
The name of an existing role of which the current role is a member.
If <literal>FOR ROLE</literal> is omitted, the current role is assumed.
+ Default privileges are only applied to objects created by the
+ <replaceable>target_role</replaceable>. There is no way to set default
+ privileges for objects created by arbitrary roles; for that, you'd have
+ to run <command>ALTER DEFAULT PRIVILEGES</command> for each role that can
+ create objects.
</para>
</listitem>
</varlistentry>
--
2.38.1
view thread (3+ messages)
reply
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Reply to all the recipients using the --to and --cc options:
reply via email
To: [email protected]
Cc: [email protected], [email protected], [email protected]
Subject: Re: Version 14/15 documentation Section "Alter Default Privileges"
In-Reply-To: <[email protected]>
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox