[Doc Patch] Clarify that CREATEROLE roles can GRANT default roles

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

[Doc Patch] Clarify that CREATEROLE roles can GRANT default roles

Michael Banck-2
Hi,

https://www.postgresql.org/docs/current/default-roles.html mentions the
"Administrator" several times, but does not specify it further. I
understand that it is mentioned elsewhere [1], but I think it would be
beneficial to remind the reader on that page at least once that
"Administrators" includes "roles with the CREATEROLE privilege" in the
context of GRANTing and REVOKEing default privileges, e.g. with the
attached patch.


Michael

[1] e.g. at https://www.postgresql.org/docs/current/sql-createrole.html
it is mentioned that CREATEROLE privs can be regarded as "almost-superuser-roles"

--
Michael Banck
Projektleiter / Senior Berater
Tel.: +49 2166 9901-171
Fax:  +49 2166 9901-100
Email: [hidden email]

credativ GmbH, HRB Mönchengladbach 12080
USt-ID-Nummer: DE204566209
Trompeterallee 108, 41189 Mönchengladbach
Geschäftsführung: Dr. Michael Meskes, Jörg Folz, Sascha Heuer

Unser Umgang mit personenbezogenen Daten unterliegt
folgenden Bestimmungen: https://www.credativ.de/datenschutz

default-roles-createrole.patch (1K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: [Doc Patch] Clarify that CREATEROLE roles can GRANT default roles

Masahiko Sawada
Hi Michael,

On Sat, Nov 28, 2020 at 7:50 AM Michael Banck <[hidden email]> wrote:

>
> Hi,
>
> https://www.postgresql.org/docs/current/default-roles.html mentions the
> "Administrator" several times, but does not specify it further. I
> understand that it is mentioned elsewhere [1], but I think it would be
> beneficial to remind the reader on that page at least once that
> "Administrators" includes "roles with the CREATEROLE privilege" in the
> context of GRANTing and REVOKEing default privileges, e.g. with the
> attached patch.
>

You sent in your patch, default-roles-createrole.patch to
pgsql-hackers on Nov 28, but you did not post it to the next
CommitFest[1].  If this was intentional, then you need to take no
action.  However, if you want your patch to be reviewed as part of the
upcoming CommitFest, then you need to add it yourself before
2021-01-01 AoE[2]. Thanks for your contributions.

Regards,

[1] https://commitfest.postgresql.org/31/
[2] https://en.wikipedia.org/wiki/Anywhere_on_Earth

--
Masahiko Sawada
EnterpriseDB:  https://www.enterprisedb.com/


Reply | Threaded
Open this post in threaded view
|

Re: [Doc Patch] Clarify that CREATEROLE roles can GRANT default roles

Michael Banck-2
Hi,

Am Montag, den 28.12.2020, 20:41 +0900 schrieb Masahiko Sawada:

> On Sat, Nov 28, 2020 at 7:50 AM Michael Banck <[hidden email]> wrote:
> > https://www.postgresql.org/docs/current/default-roles.html mentions the
> > "Administrator" several times, but does not specify it further. I
> > understand that it is mentioned elsewhere [1], but I think it would be
> > beneficial to remind the reader on that page at least once that
> > "Administrators" includes "roles with the CREATEROLE privilege" in the
> > context of GRANTing and REVOKEing default privileges, e.g. with the
> > attached patch.
> >
>
> You sent in your patch, default-roles-createrole.patch to
> pgsql-hackers on Nov 28, but you did not post it to the next
> CommitFest[1].  If this was intentional, then you need to take no
> action.  However, if you want your patch to be reviewed as part of the
> upcoming CommitFest, then you need to add it yourself before
> 2021-01-01 AoE[2]. Thanks for your contributions.

Thanks for reminding me, I've done so now[1].


Michael

[1] https://commitfest.postgresql.org/31/2921/

--
Michael Banck
Projektleiter / Senior Berater
Tel.: +49 2166 9901-171
Fax:  +49 2166 9901-100
Email: [hidden email]

credativ GmbH, HRB Mönchengladbach 12080
USt-ID-Nummer: DE204566209
Trompeterallee 108, 41189 Mönchengladbach
Geschäftsführung: Dr. Michael Meskes, Jörg Folz, Sascha Heuer

Unser Umgang mit personenbezogenen Daten unterliegt
folgenden Bestimmungen: https://www.credativ.de/datenschutz



Reply | Threaded
Open this post in threaded view
|

Re: [Doc Patch] Clarify that CREATEROLE roles can GRANT default roles

Robert Treat-3
On Thu, Dec 31, 2020 at 10:05 AM Michael Banck
<[hidden email]> wrote:

>
> Hi,
>
> Am Montag, den 28.12.2020, 20:41 +0900 schrieb Masahiko Sawada:
> > On Sat, Nov 28, 2020 at 7:50 AM Michael Banck <[hidden email]> wrote:
> > > https://www.postgresql.org/docs/current/default-roles.html mentions the
> > > "Administrator" several times, but does not specify it further. I
> > > understand that it is mentioned elsewhere [1], but I think it would be
> > > beneficial to remind the reader on that page at least once that
> > > "Administrators" includes "roles with the CREATEROLE privilege" in the
> > > context of GRANTing and REVOKEing default privileges, e.g. with the
> > > attached patch.
> > >

Took look at the wording and +1 from me on the proposed change. FWIW,
I believe the preceding sentence would be more grammatically correct
if the word "which" was replaced with "that", ie. PostgreSQL provides
a set of default roles /that/ provide access to certain, commonly
needed, privileged capabilities and information.

Robert Treat
https://xzilla.net