On Wed, 2024-01-24 at 15:26 +0100, Daniel Gustafsson wrote: > > On 24 Jan 2024, at 15:23, Laurenz Albe <laurenz.a...@cybertec.at> wrote: > > > > On Wed, 2024-01-24 at 11:08 +0100, gp...@free.fr wrote: > > > for this "ALTER DATABASE" form, it should be mentioned that after > > > execution of the command, > > > the old database owner loses all his privileges on it (even connection) > > > although it might > > > still own schemas or objects (tables, index,...) inside it. > > > > > > Thanks in advance to add this important precision. > > > > How about this: > > > > diff --git a/doc/src/sgml/ddl.sgml b/doc/src/sgml/ddl.sgml > > index 4044f0908f..44042f863c 100644 > > --- a/doc/src/sgml/ddl.sgml > > +++ b/doc/src/sgml/ddl.sgml > > @@ -1891,6 +1891,8 @@ ALTER TABLE <replaceable>table_name</replaceable> > > OWNER TO <replaceable>new_owne > > Superusers can always do this; ordinary roles can only do it if they are > > both the current owner of the object (or inherit the privileges of the > > owning role) and able to <literal>SET ROLE</literal> to the new owning > > role. > > + All object privileges of the old owner are transferred to the new owner > > + along with the ownership. > > </para> > > Doesn't seem unreasonable to me, it won't make the docs harder to read and use > for experienced users while it may make them easier to follow for new users.
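Review bot: the added sentence sits in the ddl.sgml paragraph whose hunk context shows the ALTER TABLE ... OWNER TO example, while the report asked for the note on the "ALTER DATABASE" form. This diff touches only ddl.sgml, so a reader who starts from the ALTER DATABASE documentation would not find the statement there. Consider a matching sentence on that page, or a cross-reference from it to this paragraph.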
Here is a patch for this change. Yours, Laurenz Albe
From 3685b2ce9d921857d629bd20d49b1acfd5f01576 Mon Sep 17 00:00:00 2001 From: Laurenz Albe <laurenz.a...@cybertec.at> Date: Fri, 26 Jan 2024 12:01:37 +0100 Subject: [PATCH v1] Document effects of ownership change on privileges Privileges have always been transferred along with the ownership, but it is a good idea to document that. Per complaint by Gilles Parc. Author: Laurenz Albe Reviewed-by: Daniel Gustafsson, David G. Johnston Discussion: https://postgr.es/m/2023185982.281851219.1646733038464.JavaMail.root%40zimbra15-e2.priv.proxad.net --- doc/src/sgml/ddl.sgml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/doc/src/sgml/ddl.sgml b/doc/src/sgml/ddl.sgml index fc03a349f0..835ebd5a67 100644 --- a/doc/src/sgml/ddl.sgml +++ b/doc/src/sgml/ddl.sgml @@ -1893,6 +1893,8 @@ ALTER TABLE <replaceable>table_name</replaceable> OWNER TO <replaceable>new_owne Superusers can always do this; ordinary roles can only do it if they are both the current owner of the object (or inherit the privileges of the owning role) and able to <literal>SET ROLE</literal> to the new owning role. + All object privileges of the old owner are transferred to the new owner + along with the ownership. </para> <para> -- 2.43.0
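Review bot: in the two added lines, "All object privileges of the old owner" can be read as every privilege the old owner holds on any object, rather than the privileges the old owner had on the object whose ownership is being changed. Wording along the lines of "The old owner's privileges on the object are transferred to the new owner along with the ownership" would remove that ambiguity. The report quoted in the thread was specifically that the old owner loses access, so it may also help to state that consequence outright instead of leaving it implied by "transferred".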