On Tue, Jun 25, 2024 at 11:35 AM Nathan Bossart
<nathandbossart@gmail.com> wrote:
> IIUC the intent of this is to expand on the following sentence in the
> existing docs:
>
> pg_database_owner cannot be a member of any role, and it cannot have
> non-implicit members.
>
> My instinct would be to do something like this:
>
> pg_database_owner cannot be granted membership in any role, and no role
> may be granted non-implicit membership in pg_database_owner.
But you couldn't grant someone implicit membership either, because
then it wouldn't be implicit. So maybe something like this:
pg_database_owner is a predefined role for which membership consists,
implicitly, of the current database owner. It cannot be granted
membership in any role, and no role can be granted membership in
pg_database_owner. However, like any role, it can own objects or
receive grants of access privileges. Consequently, once
pg_database_owner has rights within a template database, each owner of
a database instantiated from that template will exercise those rights.
Initially, this role owns the public schema, so each database owner
governs local use of the schema.
--
Robert Haas
EDB: http://www.enterprisedb.com
