Re: PG 16 draft release notes ready

Pavel Luzanov <p.luzanov@postgrespro.ru>

From: Pavel Luzanov <p.luzanov@postgrespro.ru>
To: Bruce Momjian <bruce@momjian.us>, Noah Misch <noah@leadboat.com>
Cc: PostgreSQL-development <pgsql-hackers@postgresql.org>, Robert Haas <robertmhaas@gmail.com>
Date: 2023-08-17T05:37:28Z
Lists: pgsql-hackers

Commits

  1. Revert MAINTAIN privilege and pg_maintain predefined role.

  2. doc: PG 16 relnotes, remove "Have initdb use ICU by default"

  3. initdb: change default --locale-provider back to libc.

  4. doc: PG 16 relnotes, add author

  5. doc: PG 16 relnotes, move memory item and reword OUTER item

  6. doc: PG 16 relnotes, add memory overhead reduction item

  7. doc: PG 16 relnotes, adjust subscription origin mention

  8. doc: PG 16 relnotes, adjust auto_explain logging item

  9. doc: PG 16 relnotes: adjust outer/full hash join parallelization

  10. doc: PG 16 relnotes, fix duplicate author and commit

  11. doc: PG 16 relnotes, fix "locale" typo and windows locale text

  12. doc: PG 16 relnotes, add author from previous merge

  13. doc: PG 16 relnotes, wording adjustments

  14. doc: PG 16 relnotes, merge and move vector items

  15. doc: PG 16 relnotes, update xid/subxid searches item

  16. doc: PG 16 relnotes, SIMD improvements

  17. doc: PG 16 relnotes, add major features list

  18. doc: PG 16 relnotes, misc merged items and bootstrap detail

  19. doc: PG 16 relnotes, misc. updates

  20. doc: PG 16 relnotes, add commits

  21. Allow logical decoding on standbys

  22. Fix ts_headline() edge cases for empty query and empty search text.

  23. Add a hook for modifying the ldapbind password

  24. Rework design of functions in pg_walinspect

  25. initdb: derive encoding from locale for ICU; similar to libc.

  26. Doc: add XML ID attributes to <sectN> and <varlistentry> tags.

  27. Simplify the implementations of the to_reg* functions.

  28. Rename pg_dissect_walfile_name() to pg_split_walfile_name()

  29. Make materialized views participate in predicate locking

  30. Improve performance of and reduce overheads of memory management

  31. Allow grant-level control of role inheritance behavior.

On 17.08.2023 05:36, Bruce Momjian wrote:
> On Wed, Aug  9, 2023 at 08:35:21PM -0400, Bruce Momjian wrote:
>> On Sat, Aug  5, 2023 at 04:08:47PM -0700, Noah Misch wrote:
>>>> Author: Robert Haas <rhaas@postgresql.org>
>>>> 2022-08-25 [e3ce2de09] Allow grant-level control of role inheritance behavior.
>>>> -->
>>>>
>>>> <listitem>
>>>> <para>
>>>> Allow GRANT to control role inheritance behavior (Robert Haas)
>>>> </para>
>>>>
>>>> <para>
>>>> By default, role inheritance is controlled by the inheritance status of the member role.  The new GRANT clauses WITH INHERIT and WITH ADMIN can now override this.
>>>> </para>
>>>> </listitem>
>>>>
>>>> <!--
>>>> Author: Robert Haas <rhaas@postgresql.org>
>>>> 2023-01-10 [e5b8a4c09] Add new GUC createrole_self_grant.
>>>> Author: Daniel Gustafsson <dgustafsson@postgresql.org>
>>>> 2023-02-22 [e00bc6c92] doc: Add default value of createrole_self_grant
>>>> -->
>>>>
>>>> <listitem>
>>>> <para>
>>>> Allow roles that create other roles to automatically inherit the new role's rights or SET ROLE to the new role (Robert Haas, Shi Yu)
>>>> </para>
>>>>
>>>> <para>
>>>> This is controlled by server variable createrole_self_grant.
>>>> </para>
>>>> </listitem>
>>> Similarly, v16 radically changes the CREATE ROLE ... WITH INHERIT clause.  The
>>> clause used to "change the behavior of already-existing grants."  Let's merge
>>> these two and move the combination to the incompatibilities section.
>> I need help with this.  I don't understand how they can be combined, and
>> I don't understand the incompatibility text in commit e3ce2de09d:
>>
>>      If a GRANT does not specify WITH INHERIT, the behavior based on
>>      whether the member role is marked INHERIT or NOINHERIT. This means
>>      that if all roles are marked INHERIT or NOINHERIT before any role
>>      grants are performed, the behavior is identical to what we had before;
>>      otherwise, it's different, because ALTER ROLE [NO]INHERIT now only
>>      changes the default behavior of future grants, and has no effect on
>>      existing ones.
> I am waiting for an answer to this question, or can I assume the release
> notes are acceptable?

I can try to explain how I understand it myself.

In v15 and earlier, inheritance of privileges granted to a role depends
on the INHERIT attribute of the role:

create user alice;
grant pg_read_all_settings to alice;

By default, privileges are inherited:
\c - alice
show data_directory;
        data_directory
-----------------------------
  /var/lib/postgresql/15/main
(1 row)

After disabling the INHERIT attribute, privileges are not inherited:

\c - postgres
alter role alice noinherit;

\c - alice
show data_directory;
ERROR:  must be superuser or have privileges of pg_read_all_settings to examine "data_directory"

In v16, changing the INHERIT attribute on the alice role doesn't change
the inheritance behavior of already granted roles.
If we repeat the example, Alice still inherits pg_read_all_settings
privileges after disabling the INHERIT attribute for the role.

Information for making decisions about role inheritance has been moved
from the role attribute to the GRANT role TO role [WITH INHERIT|NOINHERIT]
command and can be viewed with the new \drg command:

\drg
                     List of role grants
  Role name |      Member of       |   Options    | Grantor
-----------+----------------------+--------------+----------
  alice     | pg_read_all_settings | INHERIT, SET | postgres
(1 row)

Changing the INHERIT attribute for a role will now affect (as the
default value) only future GRANT commands without an INHERIT clause.

-- 
Pavel Luzanov
Postgres Professional: https://postgrespro.com
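
An added example, not part of the original message or of the PostgreSQL sources: a v16 audit for the behavior change described above, listing role memberships whose per-grant INHERIT option no longer matches the member role's INHERIT attribute, then setting the option on one grant explicitly and checking the result. It assumes PostgreSQL 16 or later, the role alice and its pg_read_all_settings grant from the message, and a session allowed to administer that grant (for example the postgres superuser).

```sql
-- Added example (PostgreSQL 16+). "alice" and the pg_read_all_settings grant
-- are taken from the message above; run as a role that may administer the grant.

-- 1. Audit: memberships where the per-grant INHERIT option disagrees with the
--    member role's INHERIT attribute. In v16 the per-grant option is what
--    takes effect, so each row is a grant that ALTER ROLE ... [NO]INHERIT
--    did not change.
SELECT m.member::regrole  AS member,
       m.roleid::regrole  AS granted_role,
       r.rolinherit       AS role_attr_inherit,
       m.inherit_option   AS grant_inherit,
       m.set_option       AS grant_set,
       m.admin_option     AS grant_admin,
       m.grantor::regrole AS grantor
FROM pg_auth_members AS m
JOIN pg_roles AS r ON r.oid = m.member
WHERE m.inherit_option IS DISTINCT FROM r.rolinherit
ORDER BY 1, 2;

-- 2. Remediate one grant: re-issuing GRANT for an existing membership
--    updates its options, so this turns inheritance off for this grant only.
GRANT pg_read_all_settings TO alice WITH INHERIT FALSE;

-- 3. Verify. USAGE = privileges available without SET ROLE (inherited);
--    SET = alice may still SET ROLE to the granted role.
SELECT pg_has_role('alice', 'pg_read_all_settings', 'USAGE') AS inherits,
       pg_has_role('alice', 'pg_read_all_settings', 'SET')   AS can_set_role;
```

After step 2, `inherits` is false while `can_set_role` stays true, because the SET option of the grant is controlled separately from INHERIT.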