| From: | Bruce Momjian <bruce(at)momjian(dot)us> |
|---|---|
| To: | Laurenz Albe <laurenz(dot)albe(at)cybertec(dot)at> |
| Cc: | Michael Banck <mbanck(at)gmx(dot)net>, David Burns <david(dot)burns(at)fedex(dot)com>, pgsql-hackers(at)lists(dot)postgresql(dot)org |
| Subject: | Re: Version 14/15 documentation Section "Alter Default Privileges" |
| Date: | 2023-11-04 18:20:51 |
| Message-ID: | ZUaLgyKdfWeh6nlj@momjian.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-docs pgsql-hackers |
On Sat, Nov 4, 2023 at 07:05:28AM +0100, Laurenz Albe wrote:
> On Fri, 2023-11-03 at 12:53 -0400, Bruce Momjian wrote:
> > I have developed the attached patch on top of the alter default patch I
> > just applied. It is more radical, making FOR ROLE clearer, and also
> > moving my new FOR ROLE text up to the first paragraph, and reordering
> > the paragraphs to be clearer.
> >
> > I think this is too radical for backpatch to 11/12, but I think
> > 16/master makes sense after the minor releases next week.
>
> I think it is a good idea to move part of the text to a new paragraph.
Yeah, kind of radical but I think it needed to be done.
> > --- a/doc/src/sgml/ref/alter_default_privileges.sgml
> > +++ b/doc/src/sgml/ref/alter_default_privileges.sgml
> > @@ -90,23 +90,14 @@ REVOKE [ GRANT OPTION FOR ]
> > [...]
> > + As a non-superuser, you can change default privileges only for yourself
> > + and for roles that you are a member of. These privileges are not
> > + inherited, so member roles must use <command>SET ROLE</command> to
> > + access these privileges, or <command>ALTER DEFAULT PRIVILEGES</command>
> > + must be run for each member role. Privileges can be set globally
> > + (i.e., for all objects created in the current database), or just for
> > + objects created in specified schemas.
>
> That this paragraph is not clear enough about who gets the privileges and
> who creates the objects, and that is one of the difficulties in understanding
> ALTER DEFAULT PRIVILEGES.
Yes, I like your new paragraphs better than I what I had.
> This is downright wrong; the "target_role" will *not* be assigned any
> privileges.
>
> Perhaps:
>
> <para>
> Default privileges are changed only for objects created by
> <replaceable>target_role</replaceable>. If <literal>FOR ROLE</literal>
> is omitted, the current role is assumed.
> </para>
Yes, I see your point. Updated patch attached.
--
Bruce Momjian <bruce(at)momjian(dot)us> https://momjian.us
EDB https://enterprisedb.com
Only you can decide what is important to you.
| Attachment | Content-Type | Size |
|---|---|---|
| role.diff | text/x-diff | 4.0 KB |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | PG Doc comments form | 2023-11-04 18:33:56 | jsonb array accessors |
| Previous Message | Thomas Trias | 2023-11-04 15:23:11 | Re: Please make a note regarding the PL/pgSQL FOUND variable |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Soumyadeep Chakraborty | 2023-11-04 18:58:31 | Re: brininsert optimization opportunity |
| Previous Message | Atharva Bhise | 2023-11-04 17:31:30 | Re: Introduction and Inquiry on Beginner-Friendly Issues |