On Tue, Jun 25, 2024 at 11:28:18AM -0500, Nathan Bossart wrote:
> On Tue, Jun 25, 2024 at 12:16:30PM -0400, Robert Haas wrote:
>> pg_database_owner is a predefined role for which membership consists,
>> implicitly, of the current database owner. It cannot be granted
>> membership in any role, and no role can be granted membership in
>> pg_database_owner. However, like any role, it can own objects or
>> receive grants of access privileges. Consequently, once
>> pg_database_owner has rights within a template database, each owner of
>> a database instantiated from that template will exercise those rights.
>> Initially, this role owns the public schema, so each database owner
>> governs local use of the schema.
>
> The main difference between this and the existing documentation is that the
> sentence on membership has been rephrased and moved to earlier in the
> paragraph. I think this helps the logical flow a bit. We first talk about
> implicit membership, then explicit membership, then we talk about
> privileges and the consequences of those privileges, and finally we talk
> about the default privileges. So, WFM.

I used this in v4 (with some minor changes). I've copied it here to ease
review.

pg_database_owner always has exactly one implicit member: the current
database owner. It cannot be granted membership in any role, and no
role can be granted membership in pg_database_owner. However, like any
other role, it can own objects and receive grants of access privileges.
Consequently, once pg_database_owner has rights within a template
database, each owner of a database instantiated from that template will
possess those rights. Initially, this role owns the public schema, so
each database owner governs local use of that schema.

--
nathan
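
The behaviour the proposed paragraph describes, as an added psql example that is not part of the original message or of the PostgreSQL documentation. It assumes PostgreSQL 14 or later and a superuser session; the names alice, bob, tmpl_app, app_db and app_settings are constructed for illustration.

```sql
-- Constructed roles: neither is a superuser.
CREATE ROLE alice LOGIN;
CREATE ROLE bob LOGIN;

-- Explicit membership is rejected in both directions, as the paragraph
-- states; each of these two statements raises an error.
GRANT pg_database_owner TO alice;
GRANT alice TO pg_database_owner;

-- Give pg_database_owner rights inside a database used as a template.
CREATE DATABASE tmpl_app;
\c tmpl_app
CREATE TABLE app_settings (key text PRIMARY KEY, value text);
GRANT SELECT, UPDATE ON app_settings TO pg_database_owner;

-- Instantiate a database from the template with alice as its owner.
-- The table and its ACL are copied along with everything else.
\c postgres
CREATE DATABASE app_db TEMPLATE tmpl_app OWNER alice;
\c app_db

-- Implicit membership: evaluated against the owner of the database the
-- session is connected to, so alice qualifies here and bob does not.
SELECT r.rolname,
       pg_has_role(r.rolname, 'pg_database_owner', 'USAGE') AS implicit_member,
       has_table_privilege(r.rolname, 'app_settings', 'UPDATE') AS can_update
FROM pg_roles AS r
WHERE r.rolname IN ('alice', 'bob')
ORDER BY r.rolname;

-- "Current database owner": the rights follow the ownership change,
-- with no GRANT or REVOKE on app_settings.
ALTER DATABASE app_db OWNER TO bob;

SELECT r.rolname,
       pg_has_role(r.rolname, 'pg_database_owner', 'USAGE') AS implicit_member,
       has_table_privilege(r.rolname, 'app_settings', 'UPDATE') AS can_update
FROM pg_roles AS r
WHERE r.rolname IN ('alice', 'bob')
ORDER BY r.rolname;

-- Audit query for a template: every table grant pg_database_owner holds
-- here will be exercised by the owner of each database created from it.
SELECT c.oid::regclass AS relation, a.privilege_type
FROM pg_class AS c, aclexplode(c.relacl) AS a
WHERE a.grantee = 'pg_database_owner'::regrole;
```

The audit query covers table-level grants only; objects owned by pg_database_owner and grants on other object types need the corresponding catalog checks.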