Re: New predefined roles- 'pg_read/write_all_data'
Michael Banck <michael.banck@credativ.de>
From: Michael Banck <michael.banck@credativ.de>
To: Stephen Frost <sfrost@snowman.net>
Cc: gkokolatos@pm.me, Anastasia Lubennikova <a.lubennikova@postgrespro.ru>, "pgsql-hackers@lists.postgresql.org" <pgsql-hackers@lists.postgresql.org>
Date: 2021-04-07T10:36:11Z
Lists: pgsql-hackers
Hi, On Thu, Apr 01, 2021 at 04:00:06PM -0400, Stephen Frost wrote: > diff --git a/doc/src/sgml/user-manag.sgml b/doc/src/sgml/user-manag.sgml > index d171b13236..fe0bdb7599 100644 > --- a/doc/src/sgml/user-manag.sgml > +++ b/doc/src/sgml/user-manag.sgml > @@ -518,6 +518,24 @@ DROP ROLE doomed_role; > </row> > </thead> > <tbody> > + <row> > + <entry>pg_read_all_data</entry> > + <entry>Read all data (tables, views, sequences), as if having SELECT > + rights on those objects, and USAGE rights on all schemas, even without > + having it explicitly. This role does not have the role attribute > + <literal>BYPASSRLS</literal> set. If RLS is being used, an administrator > + may wish to set <literal>BYPASSRLS</literal> on roles which this role is > + GRANTed to.</entry> > + </row> > + <row> > + <entry>pg_write_all_data</entry> > + <entry>Write all data (tables, views, sequences), as if having INSERT, > + UPDATE, and DELETE rights on those objects, and USAGE rights on all > + schemas, even without having it explicitly. This role does not have the > + role attribute <literal>BYPASSRLS</literal> set. If RLS is being used, > + an administrator may wish to set <literal>BYPASSRLS</literal> on roles > + which this role is GRANTed to.</entry> > + </row> Shouldn't those "SELECT", "INSERT" etc. be wrapped in <command> tags? Michael -- Michael Banck Projektleiter / Senior Berater Tel.: +49 2166 9901-171 Fax: +49 2166 9901-100 Email: michael.banck@credativ.de credativ GmbH, HRB Mönchengladbach 12080 USt-ID-Nummer: DE204566209 Trompeterallee 108, 41189 Mönchengladbach Geschäftsführung: Dr. Michael Meskes, Sascha Heuer Unser Umgang mit personenbezogenen Daten unterliegt folgenden Bestimmungen: https://www.credativ.de/datenschutz
Commits
-
docs: Add command tags for SQL commands
- 8f6c11034976 14.0 landed
- f01727290fe0 15.0 landed
-
Add pg_read_all_data and pg_write_all_data roles
- 6c3ffd697e22 14.0 landed