Re: doc - improve description of default privileges

From: Fabien COELHO <coelho(at)cri(dot)ensmp(dot)fr>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com>, Brad DeJong <bpd0018(at)gmail(dot)com>, PostgreSQL Developers <pgsql-hackers(at)lists(dot)postgresql(dot)org>
Subject: Re: doc - improve description of default privileges
Date: 2018-11-18 19:05:46
Message-ID: alpine.DEB.2.21.1811181821220.19159@lancre
Views: Raw Message | Whole Thread | Download mbox | Resend email
Lists: pgsql-hackers

Hello Tom,

Thanks for this precise feedback.

> Progress on this patch seems to be blocked on the question of whether
> we want to keep enlarging the amount of psql-specific information
> in the GRANT reference page, or move that all somewhere else.


> FWIW, I think I agree with Peter's position that moving it somewhere
> else is the better option. Section 5.6 "Privileges" seems like a
> reasonable choice.


> * Perhaps we could fix Peter's complaint about the "Owner" column by
> relabeling it "All Privileges".


> I'd be inclined to label the last column "Default PUBLIC Privileges",
> too, if we can fit that in.


> * The phrase "relation-like objects" seems way too vague, especially since
> one has to read it as excluding sequences, which surely are relations for
> most purposes. Is there a good reason not to just leave that entry as
> "TABLE", full stop? Or maybe it could be "TABLE, VIEW, etc" or some such.


> * I don't think the use of "hardcoded" adds anything.

Hmmm. As "default privileges" can be altered, the point is to describe the
"default default privileges", but this looks absurd, hence the look for
something to add the idea that there is another one. ISTM that removing
"hardcoded" without replacing it makes the thing slightly ambiguous.
No big deal.

> * Is it worth adding another table matching privilege names ("INSERT")
> with their aclitem letters ("a"), rather than having the semi-formal
> format currently appearing in grant.sgml?

Indeed I thought about that, because the description is not easy to read.

> There's also some related material in 9.25 with the aclitem functions;
> it'd be worth unifying that too maybe.

I've put a reference to it at least.

Attached v4:
- moves the table to the privileges section
- updates the table column headers
- adds a privilege/aclitem letter mapping table
- adds some appropriate links towards psql & aclitem


Attachment Content-Type Size
doc-default-perms-4.patch text/x-diff 7.4 KB

In response to


Browse pgsql-hackers by date

  From Date Subject
Next Message Andres Freund 2018-11-18 20:38:01 Re: _isnan() on Windows
Previous Message Andrew Dunstan 2018-11-18 18:41:23 Re: pg_dumpall --exclude-database option