Re: PG 16 draft release notes ready
Pavel Luzanov <p.luzanov@postgrespro.ru>
Commits
GET /api/v1/messages/:b64id/commits
the thread's linked commits as JSON, with link sources.
API reference →
-
Revert MAINTAIN privilege and pg_maintain predefined role.
- 151c22deee66 17.0 cited
-
doc: PG 16 relnotes, remove "Have initdb use ICU by default"
- c729642bd760 16.0 cited
-
initdb: change default --locale-provider back to libc.
- 2535c74b1a61 16.0 cited
-
doc: PG 16 relnotes, add author
- b9e3f8005c99 16.0 landed
-
doc: PG 16 relnotes, move memory item and reword OUTER item
- e6a254c0d4af 16.0 landed
-
doc: PG 16 relnotes, add memory overhead reduction item
- 409d24485cbe 16.0 landed
-
doc: PG 16 relnotes, adjust subscription origin mention
- f7c16a120cfa 16.0 landed
-
doc: PG 16 relnotes, adjust auto_explain logging item
- 0bcb3ca3b95b 16.0 landed
-
doc: PG 16 relnotes: adjust outer/full hash join parallelization
- 5a6464096622 16.0 landed
-
doc: PG 16 relnotes, fix duplicate author and commit
- 9e28b83ae6fa 16.0 landed
-
doc: PG 16 relnotes, fix "locale" typo and windows locale text
- 503b0556d96f 16.0 landed
-
doc: PG 16 relnotes, add author from previous merge
- 46ba86cd32dc 16.0 landed
-
doc: PG 16 relnotes, wording adjustments
- 5c2c59ba0b5f 16.0 landed
-
doc: PG 16 relnotes, merge and move vector items
- ad5406246bff 16.0 landed
-
doc: PG 16 relnotes, update xid/subxid searches item
- a817edbf6f30 16.0 landed
-
doc: PG 16 relnotes, SIMD improvements
- 5cb54fc310fb 16.0 landed
-
doc: PG 16 relnotes, add major features list
- 60751aa50313 16.0 landed
-
doc: PG 16 relnotes, misc merged items and bootstrap detail
- de7c3fd34e0f 16.0 landed
-
doc: PG 16 relnotes, misc. updates
- c822358a256c 16.0 landed
-
doc: PG 16 relnotes, add commits
- 30579d23b226 16.0 landed
-
Allow logical decoding on standbys
- 0fdab27ad68a 16.0 cited
-
Fix ts_headline() edge cases for empty query and empty search text.
- 029dea882a7a 16.0 cited
-
Add a hook for modifying the ldapbind password
- 419a8dd8142a 16.0 cited
-
Rework design of functions in pg_walinspect
- 5c1b6628075a 16.0 cited
-
initdb: derive encoding from locale for ICU; similar to libc.
- c45dc7ffbba2 16.0 cited
-
Doc: add XML ID attributes to <sectN> and <varlistentry> tags.
- 78ee60ed84bb 16.0 cited
-
Simplify the implementations of the to_reg* functions.
- 3ea7329c9a79 16.0 cited
-
Rename pg_dissect_walfile_name() to pg_split_walfile_name()
- 13e0d7a60385 16.0 cited
-
Make materialized views participate in predicate locking
- 43351557d0d2 16.0 cited
-
Improve performance of and reduce overheads of memory management
- c6e0fe1f2a08 16.0 cited
-
Allow grant-level control of role inheritance behavior.
- e3ce2de09d81 16.0 cited
On 17.08.2023 05:36, Bruce Momjian wrote: > On Wed, Aug 9, 2023 at 08:35:21PM -0400, Bruce Momjian wrote: >> On Sat, Aug 5, 2023 at 04:08:47PM -0700, Noah Misch wrote: >>>> Author: Robert Haas <rhaas@postgresql.org> >>>> 2022-08-25 [e3ce2de09] Allow grant-level control of role inheritance behavior. >>>> --> >>>> >>>> <listitem> >>>> <para> >>>> Allow GRANT to control role inheritance behavior (Robert Haas) >>>> </para> >>>> >>>> <para> >>>> By default, role inheritance is controlled by the inheritance status of the member role. The new GRANT clauses WITH INHERIT and WITH ADMIN can now override this. >>>> </para> >>>> </listitem> >>>> >>>> <!-- >>>> Author: Robert Haas <rhaas@postgresql.org> >>>> 2023-01-10 [e5b8a4c09] Add new GUC createrole_self_grant. >>>> Author: Daniel Gustafsson <dgustafsson@postgresql.org> >>>> 2023-02-22 [e00bc6c92] doc: Add default value of createrole_self_grant >>>> --> >>>> >>>> <listitem> >>>> <para> >>>> Allow roles that create other roles to automatically inherit the new role's rights or SET ROLE to the new role (Robert Haas, Shi Yu) >>>> </para> >>>> >>>> <para> >>>> This is controlled by server variable createrole_self_grant. >>>> </para> >>>> </listitem> >>> Similarly, v16 radically changes the CREATE ROLE ... WITH INHERIT clause. The >>> clause used to "change the behavior of already-existing grants." Let's merge >>> these two and move the combination to the incompatibilities section. >> I need help with this. I don't understand how they can be combined, and >> I don't understand the incompatibility text in commit e3ce2de09d: >> >> If a GRANT does not specify WITH INHERIT, the behavior based on >> whether the member role is marked INHERIT or NOINHERIT. This means >> that if all roles are marked INHERIT or NOINHERIT before any role >> grants are performed, the behavior is identical to what we had before; >> otherwise, it's different, because ALTER ROLE [NO]INHERIT now only >> changes the default behavior of future grants, and has no effect on >> existing ones. > I am waiting for an answer to this question, or can I assume the release > notes are acceptable? I can try to explain how I understand it myself. In v15 and early, inheritance of granted to role privileges depends on INHERIT attribute of a role: create user alice; grant pg_read_all_settings to alice; By default privileges inherited: \c - alice show data_directory; data_directory ----------------------------- /var/lib/postgresql/15/main (1 row) After disabling the INHERIT attribute, privileges are not inherited: \c - postgres alter role alice noinherit; \c - alice show data_directory; ERROR: must be superuser or have privileges of pg_read_all_settings to examine "data_directory" In v16 changing INHERIT attribute on alice role doesn't change inheritance behavior of already granted roles. If we repeat the example, Alice still inherits pg_read_all_settings privileges after disabling the INHERIT attribute for the role. Information for making decisions about role inheritance has been moved from the role attribute to GRANT role TO role [WITH INHERIT|NOINHERIT] command and can be viewed by the new \drg command: \drg List of role grants Role name | Member of | Options | Grantor -----------+----------------------+--------------+---------- alice | pg_read_all_settings | INHERIT, SET | postgres (1 row) Changing the INHERIT attribute for a role now will affect (as the default value) only future GRANT commands without an INHERIT clause. -- Pavel Luzanov Postgres Professional: https://postgrespro.com