On Fri, Sep 15, 2023 at 11:46:35AM -0700, Yurii Rashkovskii wrote: > It appears that 16.0 improved some of the checks in ALTER ROLE. Previously, > it was possible to do the following (assuming current_user is a bootstrap > user): > > ``` > ALTER ROLE current_user NOSUPERUSER > ``` > > As of 16.0, this produces an error: > > ``` > ERROR: permission denied to alter role > DETAIL: The bootstrap user must have the SUPERUSER attribute. > ``` > > The attached patch documents this behavior by providing a bit more > clarification to the following statement: > > "Database superusers can change any of these settings for any role."
I think this could also be worth a mention in the glossary [0]. BTW the glossary calls this role the "bootstrap superuser", but the DETAIL message calls it the "bootstrap user". Perhaps we should standardize on one name.
