This tip
«
It is good practice to create a role that has the CREATEDB and CREATEROLE privileges, but is not a superuser, and then
usethis role for all routine management of databases and roles. This approach avoids the dangers of operating as a
superuserfor tasks that do not really require it.
»
used to be found in all versions of the PG doc from (at least) Version 11 through Version 15. It was in the chapter
"RoleAttributes" (22.2 in "current", 21.2 in Version 11). It immediately followed this: «A role's attributes can be
modifiedafter creation with ALTER ROLE. See the reference pages for the CREATE ROLE and ALTER ROLE commands for
details.»
You can still find it in "privately" staged copies of the PG doc like, for example, here:
postgrespro.com/docs/postgresql/10/role-attributes
access.crunchydata.com/documentation/postgresql15/15.1/role-attributes.html
But now it's simply vanished from both the Version 11 doc and the "current" doc. (I didn't check the versions in
between.)
What was the rationale for removing it? The practice recommendation makes sense to me. And I've implemented a scheme
fordatabase and role provisioning that uses just such a non-superuser with CREATEDB and CREATEROLE. I'm pleased with
it.
