author | Noah Misch <noah@leadboat.com> | 2021-03-26 10:42:17 -0700 |
---|---|---|
committer | Noah Misch <noah@leadboat.com> | 2021-03-26 10:42:17 -0700 |
commit | a14a0118a1fecf4066e53af52ed0f188607d0c4b (patch) | |
tree | d24b18e8c0fe2d3af805efe11e54d5718c249732 /doc/src | |
parent | f687bf61ed4dc75ec074c387f848147da2097e13 (diff) | |
Add "pg_database_owner" default role.
Membership consists, implicitly, of the current database owner. Expect
use in template databases. Once pg_database_owner has rights within a
template, each owner of a database instantiated from that template will
exercise those rights.
Reviewed by John Naylor.
Discussion: https://postgr.es/m/20201228043148.GA1053024@rfd.leadboat.com
Diffstat (limited to 'doc/src')
-rw-r--r-- | doc/src/sgml/catalogs.sgml | 3 | ||||
-rw-r--r-- | doc/src/sgml/user-manag.sgml | 15 |
2 files changed, 18 insertions, 0 deletions
diff --git a/doc/src/sgml/catalogs.sgml b/doc/src/sgml/catalogs.sgml index cd00d9e3bb0..0f8703af5a5 100644 --- a/doc/src/sgml/catalogs.sgml +++ b/doc/src/sgml/catalogs.sgml @@ -10138,6 +10138,9 @@ SCRAM-SHA-256$<replaceable><iteration count></replaceable>:<replaceable>&l <primary>pg_group</primary> </indexterm> + <!-- Unlike information_schema.applicable_roles, this shows no members for + pg_database_owner. The v8.1 catalog would have shown no members if + that role had existed at the time. --> <para> The view <structname>pg_group</structname> exists for backwards compatibility: it emulates a catalog that existed in diff --git a/doc/src/sgml/user-manag.sgml b/doc/src/sgml/user-manag.sgml index a7c187896bd..6920f2db2b2 100644 --- a/doc/src/sgml/user-manag.sgml +++ b/doc/src/sgml/user-manag.sgml @@ -541,6 +541,10 @@ DROP ROLE doomed_role; <literal>pg_stat_scan_tables</literal>.</entry> </row> <row> + <entry>pg_database_owner</entry> + <entry>None. Membership consists, implicitly, of the current database owner.</entry> + </row> + <row> <entry>pg_signal_backend</entry> <entry>Signal another backend to cancel a query or terminate its session.</entry> </row> 
@@ -573,6 +577,17 @@ DROP ROLE doomed_role; </para> <para> + The <literal>pg_database_owner</literal> role has one implicit, + situation-dependent member, namely the owner of the current database. The + role conveys no rights at first. Like any role, it can own objects or + receive grants of access privileges. Consequently, once + <literal>pg_database_owner</literal> has rights within a template database, + each owner of a database instantiated from that template will exercise those + rights. <literal>pg_database_owner</literal> cannot be a member of any + role, and it cannot have non-implicit members. + </para> + + <para> The <literal>pg_signal_backend</literal> role is intended to allow administrators to enable trusted, but non-superuser, roles to send signals to other backends. Currently this role enables sending of signals for |
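Review bot: in the doc/src/sgml/catalogs.sgml hunk, the difference between pg_group and information_schema.applicable_roles is recorded only in an SGML comment, which does not reach the rendered documentation. Anyone auditing role membership through pg_group will see no members for pg_database_owner and has nothing on the page telling them the database owner is an implicit member. Consider moving the first sentence of the comment into the <para> that follows it and keeping only the v8.1 rationale as a comment.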
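Review bot: in the first doc/src/sgml/user-manag.sgml hunk, the new table entry opens with "None.", which can be read as "this role never carries privileges", while the paragraph added in the next hunk says the role "conveys no rights at first" and can later own objects or receive grants. Suggest wording the entry to match, for example "None initially. Membership consists, implicitly, of the current database owner.", so the table on its own does not understate what the role can convey.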
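Review bot: in the second doc/src/sgml/user-manag.sgml hunk, "situation-dependent member" leaves the reader to work out what the situation is. Suggest saying directly that membership is determined by the database the session is connected to, so the same role is a member in a database it owns and not in the others. The template sentence would also benefit from spelling out the consequence for whoever manages the template: a grant made to pg_database_owner there is exercised by the owner of every database later created from it, so such grants deserve the same review as a grant to a group role.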