Thread: CREATE/ALTER ROLE with NULL password
The following documentation comment has been logged on the website: Page: https://www.postgresql.org/docs/11/sql-alterrole.html Description: When creating a role with no password, or altering a role to remove its password, the ENCRYPTED clause must not be present. The current synopsis for CREATE / ALTER ROLE give one of the allowed options as: [ ENCRYPTED ] PASSWORD 'password' and the current documentation for CREATE ROLE says: "The ENCRYPTED keyword has no effect, but is accepted for backwards compatibility." I think it might be worth explicitly specifying the password-blanking form for both commands as a new option in their synopses, e.g.: " CREATE ROLE name [ [ WITH ] option [ ... ] ] where option can be: SUPERUSER | NOSUPERUSER | CREATEDB | NOCREATEDB ... | [ ENCRYPTED ] PASSWORD 'password' | PASSWORD NULL ... " Also, there is inconsistency of quoting of 'password' in the synopsis for CREATE/ALTER ROLE (has quotes) vs. their respective parameters sections (no quotes).
On Wed, Nov 21, 2018 at 07:36:59PM +0000, PG Doc comments form wrote: > The current synopsis for CREATE / ALTER ROLE give one of the allowed options > as: > [ ENCRYPTED ] PASSWORD 'password' > and the current documentation for CREATE ROLE says: > "The ENCRYPTED keyword has no effect, but is accepted for backwards > compatibility." The grammar is still supported, so keeping it documented has no actual problems until it gets removed, if that happens. Keeping it is not a real maintenance burden either. > I think it might be worth explicitly specifying the password-blanking form > for both commands as a new option in their synopses, e.g.: > > " > CREATE ROLE name [ [ WITH ] option [ ... ] ] > > where option can be: > > SUPERUSER | NOSUPERUSER > | CREATEDB | NOCREATEDB > ... > | [ ENCRYPTED ] PASSWORD 'password' | PASSWORD NULL > ... > " Yes, that the set of grammar combination supported, as ENCRYPTED PASSWORD NULL is not possible. > Also, there is inconsistency of quoting of 'password' in the synopsis for > CREATE/ALTER ROLE (has quotes) vs. their respective parameters sections (no > quotes). Agreed, this should have quotes for consistency. Any objections with the attached set of fixes from anybody? -- Michael
Attachment
On Wednesday, November 21, 2018, Michael Paquier <michael@paquier.xyz> wrote:
Yes, that the set of grammar combination supported, as ENCRYPTED
PASSWORD NULL is not possible.
Any objections with
the attached set of fixes from anybody?
Should tweak the paragraph to point out this exception as well.
The
ENCRYPTED keyword has no effect, but is accepted for backwards compatibility[, except in the PASSWORD NULL form.]David J.
On Wed, Nov 21, 2018 at 11:58:25PM -0700, David G. Johnston wrote: > Should tweak the paragraph to point out this exception as well. > > The ENCRYPTED keyword has no effect, but is accepted for backwards > compatibility[, except in the PASSWORD NULL form.] The docs list the following with the patch as supported grammar: [ ENCRYPTED ] PASSWORD 'password' | PASSWORD NULL And it seems to me that '|' has priority over '[]', so ENCRYPTED does not apply to PASSWORD NULL if phrased this way. -- Michael
Attachment
On Thursday, November 22, 2018, Michael Paquier <michael@paquier.xyz> wrote:
On Wed, Nov 21, 2018 at 11:58:25PM -0700, David G. Johnston wrote:
> Should tweak the paragraph to point out this exception as well.
>
> The ENCRYPTED keyword has no effect, but is accepted for backwards
> compatibility[, except in the PASSWORD NULL form.]
The docs list the following with the patch as supported grammar:
[ ENCRYPTED ] PASSWORD 'password' | PASSWORD NULL
And it seems to me that '|' has priority over '[]', so ENCRYPTED does
not apply to PASSWORD NULL if phrased this way.
Yes, the syntax block is perfectly clear but we still explain said grammer in words and should be precise there as well, IMO. Not a big deal though.
David J.
On Thu, Nov 22, 2018 at 09:54:07AM -0700, David G. Johnston wrote: > On Thursday, November 22, 2018, Michael Paquier <michael@paquier.xyz> wrote: >> The docs list the following with the patch as supported grammar: >> [ ENCRYPTED ] PASSWORD 'password' | PASSWORD NULL >> And it seems to me that '|' has priority over '[]', so ENCRYPTED does >> not apply to PASSWORD NULL if phrased this way. > > Yes, the syntax block is perfectly clear but we still explain said grammer > in words and should be precise there as well, IMO. Not a big deal though. Okay, thanks. I have committed the simplest version. -- Michael