| From: | Nathan Bossart <nathandbossart(at)gmail(dot)com> |
|---|---|
| To: | Yurii Rashkovskii <yrashk(at)gmail(dot)com> |
| Cc: | pgsql-hackers(at)lists(dot)postgresql(dot)org |
| Subject: | Re: ALTER ROLE documentation improvement |
| Date: | 2023-09-15 20:53:01 |
| Message-ID: | 20230915205301.GB2005906@nathanxps13 |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Fri, Sep 15, 2023 at 11:46:35AM -0700, Yurii Rashkovskii wrote:
> It appears that 16.0 improved some of the checks in ALTER ROLE. Previously,
> it was possible to do the following (assuming current_user is a bootstrap
> user):
>
> ```
> ALTER ROLE current_user NOSUPERUSER
> ```
>
> As of 16.0, this produces an error:
>
> ```
> ERROR: permission denied to alter role
> DETAIL: The bootstrap user must have the SUPERUSER attribute.
> ```
>
> The attached patch documents this behavior by providing a bit more
> clarification to the following statement:
>
> "Database superusers can change any of these settings for any role."
I think this could also be worth a mention in the glossary [0]. BTW the
glossary calls this role the "bootstrap superuser", but the DETAIL message
calls it the "bootstrap user". Perhaps we should standardize on one name.
[0] https://www.postgresql.org/docs/devel/glossary.html
--
Nathan Bossart
Amazon Web Services: https://aws.amazon.com
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2023-09-15 21:14:45 | Re: JSON Path and GIN Questions |
| Previous Message | Nathan Bossart | 2023-09-15 20:47:11 | Re: SET ROLE documentation improvement |