Re: New predefined roles- 'pg_read/write_all_data' - Mailing list pgsql-hackers

Hi,

On Thu, Apr 01, 2021 at 04:00:06PM -0400, Stephen Frost wrote:
> diff --git a/doc/src/sgml/user-manag.sgml b/doc/src/sgml/user-manag.sgml
> index d171b13236..fe0bdb7599 100644
> --- a/doc/src/sgml/user-manag.sgml
> +++ b/doc/src/sgml/user-manag.sgml
> @@ -518,6 +518,24 @@ DROP ROLE doomed_role;
>        </row>
>       </thead>
>       <tbody>
> +      <row>
> +       <entry>pg_read_all_data</entry>
> +       <entry>Read all data (tables, views, sequences), as if having SELECT
> +       rights on those objects, and USAGE rights on all schemas, even without
> +       having it explicitly.  This role does not have the role attribute
> +       <literal>BYPASSRLS</literal> set.  If RLS is being used, an administrator
> +       may wish to set <literal>BYPASSRLS</literal> on roles which this role is
> +       GRANTed to.</entry>
> +      </row>
> +      <row>
> +       <entry>pg_write_all_data</entry>
> +       <entry>Write all data (tables, views, sequences), as if having INSERT,
> +       UPDATE, and DELETE rights on those objects, and USAGE rights on all
> +       schemas, even without having it explicitly.  This role does not have the
> +       role attribute <literal>BYPASSRLS</literal> set.  If RLS is being used,
> +       an administrator may wish to set <literal>BYPASSRLS</literal> on roles
> +       which this role is GRANTed to.</entry>
> +      </row>

Shouldn't those "SELECT", "INSERT" etc. be wrapped in <command> tags?


Michael

-- 
Michael Banck
Projektleiter / Senior Berater
Tel.: +49 2166 9901-171
Fax:  +49 2166 9901-100
Email: michael.banck@credativ.de

credativ GmbH, HRB Mönchengladbach 12080
USt-ID-Nummer: DE204566209
Trompeterallee 108, 41189 Mönchengladbach
Geschäftsführung: Dr. Michael Meskes, Sascha Heuer

Unser Umgang mit personenbezogenen Daten unterliegt
folgenden Bestimmungen: https://www.credativ.de/datenschutz