Re: improve predefined roles documentation

Robert Haas <robertmhaas@gmail.com>

From: Robert Haas <robertmhaas@gmail.com>
To: Nathan Bossart <nathandbossart@gmail.com>
Cc: "David G. Johnston" <david.g.johnston@gmail.com>, pgsql-hackers@postgresql.org
Date: 2024-06-25T16:16:30Z
Lists: pgsql-hackers
On Tue, Jun 25, 2024 at 11:35 AM Nathan Bossart
<nathandbossart@gmail.com> wrote:
> IIUC the intent of this is to expand on the following sentence in the
> existing docs:
>
>         pg_database_owner cannot be a member of any role, and it cannot have
>         non-implicit members.
>
> My instinct would be to do something like this:
>
>         pg_database_owner cannot be granted membership in any role, and no role
>         may be granted non-implicit membership in pg_database_owner.

But you couldn't grant someone implicit membership either, because
then it wouldn't be implicit. So maybe something like this:

pg_database_owner is a predefined role for which membership consists,
implicitly, of the current database owner. It cannot be granted
membership in any role, and no role can be granted membership in
pg_database_owner. However, like any role, it can own objects or
receive grants of access privileges. Consequently, once
pg_database_owner has rights within a template database, each owner of
a database instantiated from that template will exercise those rights.
Initially, this role owns the public schema, so each database owner
governs local use of the schema.

-- 
Robert Haas
EDB: http://www.enterprisedb.com



Commits

  1. Revamp documentation for predefined roles.

  2. Introduce pg_signal_autovacuum_worker.