Thread: roles that have the CREATEROLE privilege can no longer GRANT predefined roles
roles that have the CREATEROLE privilege can no longer GRANT predefined roles
From
PG Doc comments form
Date:
The following documentation comment has been logged on the website: Page: https://www.postgresql.org/docs/16/predefined-roles.html Description: roles that have the CREATEROLE privilege can no longer GRANT predefined roles unless they are part of it having the WITH ADMIN option. this needs to be corrected in the documentation https://www.postgresql.org/docs/current/predefined-roles.html
Re: roles that have the CREATEROLE privilege can no longer GRANT predefined roles
From
Laurenz Albe
Date:
On Wed, 2024-05-01 at 16:09 +0000, PG Doc comments form wrote: > Page: https://www.postgresql.org/docs/16/predefined-roles.html > > roles that have the CREATEROLE privilege can no longer GRANT predefined > roles unless they are part of it having the WITH ADMIN option. this needs to > be corrected in the documentation I see what you mean. This text: Administrators (including roles that have the CREATEROLE privilege) can GRANT these roles to users and/or other roles ... should probably become Administrators (including roles that have the CREATEROLE privilege and have been granted the predefined role with the ADMIN option) can GRANT these roles to users and/or other roles ... Yours, Laurenz Albe
Re: roles that have the CREATEROLE privilege can no longer GRANT predefined roles
From
"David G. Johnston"
Date:
On Thu, May 2, 2024 at 3:36 AM Laurenz Albe <laurenz.albe@cybertec.at> wrote:
On Wed, 2024-05-01 at 16:09 +0000, PG Doc comments form wrote:
> Page: https://www.postgresql.org/docs/16/predefined-roles.html
>
> roles that have the CREATEROLE privilege can no longer GRANT predefined
> roles unless they are part of it having the WITH ADMIN option. this needs to
> be corrected in the documentation
I see what you mean. This text:
Administrators (including roles that have the CREATEROLE privilege)
can GRANT these roles to users and/or other roles ...
should probably become
Administrators (including roles that have the CREATEROLE privilege and have been
granted the predefined role with the ADMIN option)
can GRANT these roles to users and/or other roles ...
I would suggest just replacing the attempt at describing "performing group membership" here with a link to:
Like this:
"Normal roles can exercise these privileges by being added as member of these group roles as described in <xref>."
There isn't anything about these predefined roles and role membership that doesn't apply to any other role.
Though skimming that section it seems to need updating along the lines discussed above.
David J.