Re: SET ROLE documentation improvement
Nathan Bossart <nathandbossart@gmail.com>
From: Nathan Bossart <nathandbossart@gmail.com>
To: Robert Haas <robertmhaas@gmail.com>
Cc: Yurii Rashkovskii <yrashk@gmail.com>, pgsql-hackers@lists.postgresql.org
Date: 2024-03-22T20:51:34Z
Lists: pgsql-hackers
On Fri, Mar 22, 2024 at 03:45:06PM -0500, Nathan Bossart wrote: > On Fri, Mar 22, 2024 at 03:58:59PM -0400, Robert Haas wrote: >> On Fri, Nov 10, 2023 at 12:41 PM Nathan Bossart >> <nathandbossart@gmail.com> wrote: >>> I still think we should update the existing note about privileges for >>> SET/RESET ROLE to something like the following: >>> >>> diff --git a/doc/src/sgml/ref/set_role.sgml b/doc/src/sgml/ref/set_role.sgml >>> index 13bad1bf66..c91a95f5af 100644 >>> --- a/doc/src/sgml/ref/set_role.sgml >>> +++ b/doc/src/sgml/ref/set_role.sgml >>> @@ -41,8 +41,10 @@ RESET ROLE >>> </para> >>> >>> <para> >>> - The specified <replaceable class="parameter">role_name</replaceable> >>> - must be a role that the current session user is a member of. >>> + The current session user must have the <literal>SET</option> for the >>> + specified <replaceable class="parameter">role_name</replaceable>, either >>> + directly or indirectly via a chain of memberships with the >>> + <literal>SET</literal> option. >>> (If the session user is a superuser, any role can be selected.) >>> </para> >> >> This is a good change; I should have done this when SET was added. > > Cool. Actually, shouldn't this one be back-patched to v16? If so, I'd do that one separately from the other changes we are discussing. -- Nathan Bossart Amazon Web Services: https://aws.amazon.com
Commits
-
doc: Note exceptions for SET ROLE's effect on privilege checks.
- 953cf49e166a 17.0 landed
-
doc: Clarify requirements for SET ROLE.
- d82dc79ba03c 16.3 landed
- 3330a8d1b792 17.0 landed