Re: PG 16 draft release notes ready
Bruce Momjian <bruce@momjian.us>
Commits
GET /api/v1/messages/:b64id/commits
the thread's linked commits as JSON, with link sources.
API reference →
-
Revert MAINTAIN privilege and pg_maintain predefined role.
- 151c22deee66 17.0 cited
-
doc: PG 16 relnotes, remove "Have initdb use ICU by default"
- c729642bd760 16.0 cited
-
initdb: change default --locale-provider back to libc.
- 2535c74b1a61 16.0 cited
-
doc: PG 16 relnotes, add author
- b9e3f8005c99 16.0 landed
-
doc: PG 16 relnotes, move memory item and reword OUTER item
- e6a254c0d4af 16.0 landed
-
doc: PG 16 relnotes, add memory overhead reduction item
- 409d24485cbe 16.0 landed
-
doc: PG 16 relnotes, adjust subscription origin mention
- f7c16a120cfa 16.0 landed
-
doc: PG 16 relnotes, adjust auto_explain logging item
- 0bcb3ca3b95b 16.0 landed
-
doc: PG 16 relnotes: adjust outer/full hash join parallelization
- 5a6464096622 16.0 landed
-
doc: PG 16 relnotes, fix duplicate author and commit
- 9e28b83ae6fa 16.0 landed
-
doc: PG 16 relnotes, fix "locale" typo and windows locale text
- 503b0556d96f 16.0 landed
-
doc: PG 16 relnotes, add author from previous merge
- 46ba86cd32dc 16.0 landed
-
doc: PG 16 relnotes, wording adjustments
- 5c2c59ba0b5f 16.0 landed
-
doc: PG 16 relnotes, merge and move vector items
- ad5406246bff 16.0 landed
-
doc: PG 16 relnotes, update xid/subxid searches item
- a817edbf6f30 16.0 landed
-
doc: PG 16 relnotes, SIMD improvements
- 5cb54fc310fb 16.0 landed
-
doc: PG 16 relnotes, add major features list
- 60751aa50313 16.0 landed
-
doc: PG 16 relnotes, misc merged items and bootstrap detail
- de7c3fd34e0f 16.0 landed
-
doc: PG 16 relnotes, misc. updates
- c822358a256c 16.0 landed
-
doc: PG 16 relnotes, add commits
- 30579d23b226 16.0 landed
-
Allow logical decoding on standbys
- 0fdab27ad68a 16.0 cited
-
Fix ts_headline() edge cases for empty query and empty search text.
- 029dea882a7a 16.0 cited
-
Add a hook for modifying the ldapbind password
- 419a8dd8142a 16.0 cited
-
Rework design of functions in pg_walinspect
- 5c1b6628075a 16.0 cited
-
initdb: derive encoding from locale for ICU; similar to libc.
- c45dc7ffbba2 16.0 cited
-
Doc: add XML ID attributes to <sectN> and <varlistentry> tags.
- 78ee60ed84bb 16.0 cited
-
Simplify the implementations of the to_reg* functions.
- 3ea7329c9a79 16.0 cited
-
Rename pg_dissect_walfile_name() to pg_split_walfile_name()
- 13e0d7a60385 16.0 cited
-
Make materialized views participate in predicate locking
- 43351557d0d2 16.0 cited
-
Improve performance of and reduce overheads of memory management
- c6e0fe1f2a08 16.0 cited
-
Allow grant-level control of role inheritance behavior.
- e3ce2de09d81 16.0 cited
Attachments
- relnotes-16.diff (text/x-diff) patch
On Sat, Aug 19, 2023 at 12:59:47PM -0400, Bruce Momjian wrote: > On Thu, Aug 17, 2023 at 08:37:28AM +0300, Pavel Luzanov wrote: > > I can try to explain how I understand it myself. > > > > In v15 and early, inheritance of granted to role privileges depends on > > INHERIT attribute of a role: > > > > create user alice; > > grant pg_read_all_settings to alice; > > > > By default privileges inherited: > > \c - alice > > show data_directory; > > data_directory > > ----------------------------- > > /var/lib/postgresql/15/main > > (1 row) > > > > After disabling the INHERIT attribute, privileges are not inherited: > > > > \c - postgres > > alter role alice noinherit; > > > > \c - alice > > show data_directory; > > ERROR: must be superuser or have privileges of pg_read_all_settings to > > examine "data_directory" > > > > In v16 changing INHERIT attribute on alice role doesn't change inheritance > > behavior of already granted roles. > > If we repeat the example, Alice still inherits pg_read_all_settings > > privileges after disabling the INHERIT attribute for the role. > > > > Information for making decisions about role inheritance has been moved from > > the role attribute to GRANT role TO role [WITH INHERIT|NOINHERIT] command > > and can be viewed by the new \drg command: > > > > \drg > > List of role grants > > Role name | Member of | Options | Grantor > > -----------+----------------------+--------------+---------- > > alice | pg_read_all_settings | INHERIT, SET | postgres > > (1 row) > > > > Changing the INHERIT attribute for a role now will affect (as the default > > value) only future GRANT commands without an INHERIT clause. > > I was able to create this simple example to illustrate it: > > CREATE ROLE a1; > CREATE ROLE a2; > CREATE ROLE a3; > CREATE ROLE a4; > CREATE ROLE b INHERIT; > > GRANT a1 TO b WITH INHERIT TRUE; > GRANT a2 TO b WITH INHERIT FALSE; > > GRANT a3 TO b; > ALTER USER b NOINHERIT; > GRANT a4 TO b; > > \drg > List of role grants > Role name | Member of | Options | Grantor > -----------+-----------+--------------+---------- > b | a1 | INHERIT, SET | postgres > b | a2 | SET | postgres > b | a3 | INHERIT, SET | postgres > b | a4 | SET | postgres > > I will work on the relase notes adjustments for this and reply in a few > days. Attached is an applied patch that moves the inherit item into incompatibilities. clarifies it, and splits out the ADMIN syntax item. Please let me know if I need any other changes. Thanks. -- Bruce Momjian <bruce@momjian.us> https://momjian.us EDB https://enterprisedb.com Only you can decide what is important to you.