Re: CREATE ROLE inheritance details

Bruce Momjian <bruce@momjian.us>

From: Bruce Momjian <bruce@momjian.us>
To: "David G. Johnston" <david.g.johnston@gmail.com>
Cc: Laurenz Albe <laurenz.albe@cybertec.at>, PostgreSQL-documentation <pgsql-docs@postgresql.org>, Robert Haas <robertmhaas@gmail.com>
Date: 2024-01-27T00:18:25Z
Lists: pgsql-docs

Attachments

On Wed, Jan 17, 2024 at 02:32:47PM -0700, David G. Johnston wrote:
> I had a go at this.
> 
> I went with a more "bullet item" approach with my wording for INHERIT/
> NOINHERIT.

I tried to address that.

> The entire paragraph regarding how the INHERIT "option" works, as opposed to
> the attribute, seems out of place where it was and the material is already
> covered in the GRANT page.  We should either improve that page or extract this
> level of detail somewhere else, not try to clutter up the CREATE ROLE page with
> it.

Because the CREATE ROLE is the way to create roles, and GRANT does much
more than just grant membership, I ended up moving the details from the
GRANT page to the CREATE ROLE page.

> We consistently say what the default is for these attribute pairs, do so here
> as well.

I added that, I hope in all the right places.

> Turn the parenthetical in the IN ROLE section into actual assertive
> documentation of what the clause does.  Tweak ROLE and ADMIN as well to fit in
> better.

Yes, that needed help.

> Reword the discussion regarding non-inheritance to be more direct.
> 
> I added mention of the grantee aspect of privileges as a soft way of further
> pointing out that the IN ROLE, ROLE, ADMIN clauses are limited in what they can
> control in the resulting membership grants.
> 
> I choose to use the phrasing "giving ... roles" for both parts of the sentence
> instead of switching to "... roles are given" for the second half.  More of a
> style choice but I didn't think switching really added much and just makes it a
> bit wordier and possibly a bit more effort to mentally parse.

I adjusted that working, but in a different way.  Patch attached.

I also found we didn't document that GRANT can be used to modify a
membership's attributes even after it is created;  I added that.

Just a reminder, this is for PG 16 and master.

-- 
  Bruce Momjian  <bruce@momjian.us>        https://momjian.us
  EDB                                      https://enterprisedb.com

  Only you can decide what is important to you.

Commits

  1. Correct "improve role option documentation".

  2. Allow grant-level control of role inheritance behavior.