Re: Question about role attributes docs
От | Fujii Masao |
---|---|
Тема | Re: Question about role attributes docs |
Дата | |
Msg-id | d2f9d8d9-83aa-061a-7178-6ef79ac3d8ad@oss.nttdata.com обсуждение исходный текст |
Ответ на | Re: Question about role attributes docs (Shinya Kato <Shinya11.Kato@oss.nttdata.com>) |
Ответы |
Re: Question about role attributes docs
(Shinya Kato <Shinya11.Kato@oss.nttdata.com>)
|
Список | pgsql-docs |
On 2022/03/17 17:56, Shinya Kato wrote: > Thank you for the review, and sorry for late reply. > I fixed it. Thanks for updating the patch! I found that the patch has two trailing whitespaces. + A role can explicitly be restricted at time of creation from inheriting privileges of + roles it is a member of (except for superusers, since those bypass all permission checks.) + Restricting privileges is done by the <literal>NOINHERIT</literal> option. + If no option is specified, <literal>INHERIT</literal> is the default. So to create a role that inherits + privileges, use either: It sounds strange to me that restriction of inheritance is explained at the beginning. Instead, something like the followingis more intuitive and easy-to-understand to users? ------------------------ A role is given permission to inherit the privileges of roles it is a member of, by default. However, to create a role withoutthe permission, use CREATE ROLE name NOINHERIT. ------------------------ + A role must be explicitly given permission to bypass row-level security (RLS) policy. + (except for superusers, since those bypass all permission checks). Like CREATE ROLE docs does, isn't it better to add "every" just before "row-level"? A dot just between "policy" and "(except" should be removed. + <term>bypass row-level security<indexterm><primary>role</primary><secondary>privilege to bypass</secondary></indexterm></term> "bypass" should be "bypassing" or something because a noun is used for each entry title in other places? + To create such a role, use <literal>CREATE ROLE <replaceable>name</replaceable> BYPASSRLS</literal>. Isn't it better to add "as a superuser" just after "BYPASSRLS</literal>" because only a superuser can create a new role havingthe BYPASSRLS attribute? + -1 (the default) means no limit. To create such a role, use <literal>CREATE ROLE <replaceable>name</replaceable>CONNECTION LIMIT<replaceable> connlimit</replaceable> LOGIN</literal>. "To create such a role" sounds odd to me in this context. Instead, how about something like "Specify connection limit uponrole creation with CREATE ROLE name CONNECTION LIMIT 'integer'."? Regards, -- Fujii Masao Advanced Computing Technology Center Research and Development Headquarters NTT DATA CORPORATION
В списке pgsql-docs по дате отправления: