Re: SET ROLE documentation improvement

Yurii Rashkovskii <yrashk@gmail.com>

From: Yurii Rashkovskii <yrashk@gmail.com>
To: Nathan Bossart <nathandbossart@gmail.com>
Cc: pgsql-hackers@lists.postgresql.org
Date: 2023-09-15T21:36:16Z
Lists: pgsql-hackers
On Fri, Sep 15, 2023 at 1:47 PM Nathan Bossart <nathandbossart@gmail.com>
wrote:

> On Fri, Sep 15, 2023 at 11:26:16AM -0700, Yurii Rashkovskii wrote:
> > I believe SET ROLE documentation makes a slightly incomplete statement
> > about what happens when a superuser uses SET ROLE.
> >
> > The documentation reading suggests that the superuser would lose all
> their
> > privileges. However, they still retain the ability to use `SET ROLE`
> again.
> >
> > The attached patch adds this bit to the documentation.
>
> IMO this is arguably covered by the following note:
>
>    The specified <replaceable class="parameter">role_name</replaceable>
>    must be a role that the current session user is a member of.
>    (If the session user is a superuser, any role can be selected.)
>
>
I agree that this may be considered sufficient coverage, but I believe that
giving contextual clarification goes a long way to help people understand.
Documentation reading can be challenging.


> But I don't see a big issue with clarifying things further as you propose.
>
> I think another issue is that the aforementioned note doesn't mention the
> new SET option added in 3d14e17.
>

How do you think we should word it in that note to make it useful?


-- 
Y.

Commits

  1. doc: Note exceptions for SET ROLE's effect on privilege checks.

  2. doc: Clarify requirements for SET ROLE.