Re: SET ROLE documentation improvement
Yurii Rashkovskii <yrashk@gmail.com>
From: Yurii Rashkovskii <yrashk@gmail.com>
To: Nathan Bossart <nathandbossart@gmail.com>
Cc: pgsql-hackers@lists.postgresql.org
Date: 2023-09-15T21:36:16Z
Lists: pgsql-hackers
On Fri, Sep 15, 2023 at 1:47 PM Nathan Bossart <nathandbossart@gmail.com> wrote: > On Fri, Sep 15, 2023 at 11:26:16AM -0700, Yurii Rashkovskii wrote: > > I believe SET ROLE documentation makes a slightly incomplete statement > > about what happens when a superuser uses SET ROLE. > > > > The documentation reading suggests that the superuser would lose all > their > > privileges. However, they still retain the ability to use `SET ROLE` > again. > > > > The attached patch adds this bit to the documentation. > > IMO this is arguably covered by the following note: > > The specified <replaceable class="parameter">role_name</replaceable> > must be a role that the current session user is a member of. > (If the session user is a superuser, any role can be selected.) > > I agree that this may be considered sufficient coverage, but I believe that giving contextual clarification goes a long way to help people understand. Documentation reading can be challenging. > But I don't see a big issue with clarifying things further as you propose. > > I think another issue is that the aforementioned note doesn't mention the > new SET option added in 3d14e17. > How do you think we should word it in that note to make it useful? -- Y.
Commits
-
doc: Note exceptions for SET ROLE's effect on privilege checks.
- 953cf49e166a 17.0 landed
-
doc: Clarify requirements for SET ROLE.
- d82dc79ba03c 16.3 landed
- 3330a8d1b792 17.0 landed