Обсуждение: some charts or graphs of possible permissions would be nice
The following documentation comment has been logged on the website: Page: https://www.postgresql.org/docs/11/sql-grant.html Description: Having read through the documentation on roles/granting I think I more or less understand how it works, but what isn't really clarified is what the overall universe of permissions that can be granted looks like. For example I still didn't realize that to create a schema, you need to "GRANT CREATE" to the role on the database before the role is allowed to do that. It's hard to make a mental map of everything that a new role might need when I am creating it.
On Tue, 2020-06-09 at 21:34 +0000, PG Doc comments form wrote: > Having read through the documentation on roles/granting I think I more or > less understand how it works, but what isn't really clarified is what the > overall universe of permissions that can be granted looks like. For example > I still didn't realize that to create a schema, you need to "GRANT CREATE" > to the role on the database before the role is allowed to do that. It's hard > to make a mental map of everything that a new role might need when I am > creating it. That would be material for a tutorial rather than a documentation. Yours, Laurenz Albe
On 2020-Jun-10, Laurenz Albe wrote: > On Tue, 2020-06-09 at 21:34 +0000, PG Doc comments form wrote: > > Having read through the documentation on roles/granting I think I more or > > less understand how it works, but what isn't really clarified is what the > > overall universe of permissions that can be granted looks like. For example > > I still didn't realize that to create a schema, you need to "GRANT CREATE" > > to the role on the database before the role is allowed to do that. It's hard > > to make a mental map of everything that a new role might need when I am > > creating it. > > That would be material for a tutorial rather than a documentation. ... but our documentation *does* have a tutorial, which could perhaps gain a section about privileges. -- Álvaro Herrera https://www.2ndQuadrant.com/ PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
On 10.06.20 17:53, Alvaro Herrera wrote: > On 2020-Jun-10, Laurenz Albe wrote: > >> On Tue, 2020-06-09 at 21:34 +0000, PG Doc comments form wrote: >>> Having read through the documentation on roles/granting I think I more or >>> less understand how it works, but what isn't really clarified is what the >>> overall universe of permissions that can be granted looks like. For example >>> I still didn't realize that to create a schema, you need to "GRANT CREATE" >>> to the role on the database before the role is allowed to do that. It's hard >>> to make a mental map of everything that a new role might need when I am >>> creating it. >> That would be material for a tutorial rather than a documentation. > ... but our documentation *does* have a tutorial, which could perhaps > gain a section about privileges. > What permissions issues do users typically struggle with? I personally have seen no problems in this area. Stephen sends one example; can you send more examples - or even a short text or a sketch of what you expect to be in the documentation? More general: Is it a real problem? My experience is that in most cases permissions are handled at the application level, not at the database level. Is it worth to give more details? I don't think so. But it may be a good idea to follow Stephen's suggestion and put an introductory summary to the tutorial chapter. -- Jürgen Purtz