Re: Add sentence about SECURITY LABEL object ownership
Laurenz Albe <laurenz.albe@cybertec.at>
From: Laurenz Albe <laurenz.albe@cybertec.at>
To: Patrick Stählin <me@packi.ch>, pgsql-docs@lists.postgresql.org
Date: 2025-06-05T14:21:47Z
Lists: pgsql-docs
On Thu, 2025-06-05 at 15:29 +0200, Patrick Stählin wrote: > Hi, > > I noticed that we don't document that you need to own the object being > modified by SECURITY LABEL. > > Page: https://www.postgresql.org/docs/current/sql-security-label.html > > I've attached a patch that would have answered that question (for me) > without diving into the code. > --- a/doc/src/sgml/ref/security_label.sgml > +++ b/doc/src/sgml/ref/security_label.sgml > @@ -84,6 +84,10 @@ SECURITY LABEL [ FOR <replaceable class="parameter">provider</replaceable> ] ON > based on object labels, rather than traditional discretionary access control > (DAC) concepts such as users and groups. > </para> > + > + <para> > + You must own the database object to use the <command>SECURITY LABEL</command>. > + </para> > </refsect1> > > <refsect1> Wouldn't it be more accurate to say that you have to be a member of the owning role? But perhaps that would be complicated enough to confuse many users. In general, +1 for documenting that. Yours, Laurenz Albe
Commits
-
Doc: you must own the target object to use SECURITY LABEL.
- 04acad82b0f9 18.0 landed
- 626b439e367d 13.22 landed
- 09498d2f2c73 14.19 landed
- 74637fb79777 15.14 landed
- aad8bd69530b 16.10 landed
- 767d38e2c096 17.6 landed