Re: roles that have the CREATEROLE privilege can no longer GRANT predefined roles - Mailing list pgsql-docs

From David G. Johnston
Subject Re: roles that have the CREATEROLE privilege can no longer GRANT predefined roles
Msg-id CAKFQuwbp0Y8DdGjh+_ByK-cOBJuSAuqkwMrmLa5RKVmbYsP+kA@mail.gmail.com
In response to Re: roles that have the CREATEROLE privilege can no longer GRANT predefined roles  (Laurenz Albe <laurenz.albe@cybertec.at>)
List pgsql-docs
On Thu, May 2, 2024 at 3:36 AM Laurenz Albe <laurenz.albe@cybertec.at> wrote:
> On Wed, 2024-05-01 at 16:09 +0000, PG Doc comments form wrote:
> > Page: https://www.postgresql.org/docs/16/predefined-roles.html
> >
> > roles that have the CREATEROLE privilege can no longer GRANT predefined
> > roles unless they are part of it having the WITH ADMIN option. This needs to
> > be corrected in the documentation.
>
> I see what you mean.  This text:
>
>   Administrators (including roles that have the CREATEROLE privilege)
>   can GRANT these roles to users and/or other roles ...
>
> should probably become
>
>   Administrators (including roles that have the CREATEROLE privilege and have been
>   granted the predefined role with the ADMIN option)
>   can GRANT these roles to users and/or other roles ...


I would suggest just replacing the attempt at describing "performing group membership" here with a link to:

Like this:
"Normal roles can exercise these privileges by being added as a member of these group roles as described in <xref>."

There isn't anything about these predefined roles and role membership that doesn't apply to any other role.

Though skimming that section it seems to need updating along the lines discussed above.

David J.
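
The behaviour discussed in this thread can be reproduced on PostgreSQL 16 with the following added example, which is not part of the original messages. The role names app_admin and alice are hypothetical, and the script assumes a superuser psql session on a scratch cluster.

```sql
-- Constructed example for PostgreSQL 16 or later.
-- app_admin and alice are hypothetical role names.
CREATE ROLE app_admin LOGIN CREATEROLE;
CREATE ROLE alice LOGIN;

-- 1. CREATEROLE alone: app_admin holds no ADMIN OPTION on
--    pg_read_all_data, so the server rejects this grant
--    with a permission-denied error.
SET ROLE app_admin;
GRANT pg_read_all_data TO alice;
RESET ROLE;

-- 2. The superuser delegates the predefined role explicitly.
--    Note that this also makes app_admin a member of the role.
GRANT pg_read_all_data TO app_admin WITH ADMIN OPTION;

-- 3. The same statement now succeeds.
SET ROLE app_admin;
GRANT pg_read_all_data TO alice;
RESET ROLE;

-- 4. Audit: who is a member of a predefined role, who granted it,
--    and who can pass it on (admin_option = true).
SELECT r.rolname AS predefined_role,
       m.rolname AS member,
       g.rolname AS grantor,
       am.admin_option
FROM pg_auth_members am
JOIN pg_roles r ON r.oid = am.roleid
JOIN pg_roles m ON m.oid = am.member
JOIN pg_roles g ON g.oid = am.grantor
WHERE starts_with(r.rolname, 'pg_')
ORDER BY 1, 2;

-- Cleanup: drop the grantee first, then the role that granted to it.
DROP ROLE alice;
DROP ROLE app_admin;
```

The audit query in step 4 is the part worth keeping: any row with admin_option set to true identifies a role that can hand out that predefined role to others.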
