Quick Links

Re: Question about role attributes docs

From:	Fujii Masao <masao(dot)fujii(at)oss(dot)nttdata(dot)com>
To:	Shinya Kato <Shinya11(dot)Kato(at)oss(dot)nttdata(dot)com>, Swaha Miller <swaha(dot)miller(at)gmail(dot)com>
Cc:	Laurenz Albe <laurenz(dot)albe(at)cybertec(dot)at>, pgsql-docs(at)lists(dot)postgresql(dot)org
Subject:	Re: Question about role attributes docs
Date:	2022-07-22 15:35:13
Message-ID:	d2f9d8d9-83aa-061a-7178-6ef79ac3d8ad@oss.nttdata.com
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-docs

On 2022/03/17 17:56, Shinya Kato wrote:
> Thank you for the review, and sorry for late reply.
> I fixed it.

Thanks for updating the patch!

I found that the patch has two trailing whitespaces.

+ A role can explicitly be restricted at time of creation from inheriting privileges of
+ roles it is a member of (except for superusers, since those bypass all permission checks.)
+ Restricting privileges is done by the <literal>NOINHERIT</literal> option.
+ If no option is specified, <literal>INHERIT</literal> is the default. So to create a role that inherits
+ privileges, use either:

It sounds strange to me that restriction of inheritance is explained at the beginning. Instead, something like the following is more intuitive and easy-to-understand to users?

------------------------
A role is given permission to inherit the privileges of roles it is a member of, by default. However, to create a role without the permission, use CREATE ROLE name NOINHERIT.
------------------------

+ A role must be explicitly given permission to bypass row-level security (RLS) policy.
+ (except for superusers, since those bypass all permission checks).

Like CREATE ROLE docs does, isn't it better to add "every" just before "row-level"?

A dot just between "policy" and "(except" should be removed.

+ <term>bypass row-level security<indexterm><primary>role</primary><secondary>privilege to bypass</secondary></indexterm></term>

"bypass" should be "bypassing" or something because a noun is used for each entry title in other places?

+ To create such a role, use <literal>CREATE ROLE <replaceable>name</replaceable> BYPASSRLS</literal>.

Isn't it better to add "as a superuser" just after "BYPASSRLS</literal>" because only a superuser can create a new role having the BYPASSRLS attribute?

+ -1 (the default) means no limit. To create such a role, use <literal>CREATE ROLE <replaceable>name</replaceable> CONNECTION LIMIT<replaceable> connlimit</replaceable> LOGIN</literal>.

"To create such a role" sounds odd to me in this context. Instead, how about something like "Specify connection limit upon role creation with CREATE ROLE name CONNECTION LIMIT 'integer'."?

Regards,

--
Fujii Masao
Advanced Computing Technology Center
Research and Development Headquarters
NTT DATA CORPORATION

In response to

Re: Question about role attributes docs at 2022-03-17 08:56:58 from Shinya Kato

Responses

Re: Question about role attributes docs at 2022-07-25 03:29:54 from Shinya Kato

Browse pgsql-docs by date

	From	Date	Subject
Next Message	David G. Johnston	2022-07-22 16:25:43	Re: documentation on HOT
Previous Message	Jonathan S. Katz	2022-07-22 15:09:49	Re: documentation on HOT