On Fri, Mar 22, 2024 at 03:45:06PM -0500, Nathan Bossart wrote:
> On Fri, Mar 22, 2024 at 03:58:59PM -0400, Robert Haas wrote:
>> On Fri, Nov 10, 2023 at 12:41 PM Nathan Bossart
>> <nathandbossart@gmail.com> wrote:
>>> I still think we should update the existing note about privileges for
>>> SET/RESET ROLE to something like the following:
>>>
>>> diff --git a/doc/src/sgml/ref/set_role.sgml b/doc/src/sgml/ref/set_role.sgml
>>> index 13bad1bf66..c91a95f5af 100644
>>> --- a/doc/src/sgml/ref/set_role.sgml
>>> +++ b/doc/src/sgml/ref/set_role.sgml
>>> @@ -41,8 +41,10 @@ RESET ROLE
>>> </para>
>>>
>>> <para>
>>> - The specified <replaceable class="parameter">role_name</replaceable>
>>> - must be a role that the current session user is a member of.
>>> + The current session user must have the <literal>SET</option> for the
>>> + specified <replaceable class="parameter">role_name</replaceable>, either
>>> + directly or indirectly via a chain of memberships with the
>>> + <literal>SET</literal> option.
>>> (If the session user is a superuser, any role can be selected.)
>>> </para>
>>
>> This is a good change; I should have done this when SET was added.
>
> Cool.
Actually, shouldn't this one be back-patched to v16? If so, I'd do that
one separately from the other changes we are discussing.
--
Nathan Bossart
Amazon Web Services: https://aws.amazon.com