Re: PG 14 release notes, first draft

Sat, 22 May 2021 17:17:21 -0700 

On Sat, May 22, 2021 at 07:29:45PM -0400, Stephen Frost wrote:
> Greetings,
> 
> * Bruce Momjian (br...@momjian.us) wrote:
> > I have committed the first draft of the PG 14 release notes.  You can
> > see the most current  build of them here:
> > 
> >     https://momjian.us/pgsql_docs/release-14.html
> 
> It occurs to me that the wording around the new default roles could
> probably be better.  Specifically:
> 
> Add predefined roles pg_read_all_data and pg_write_all_data (Stephen Frost)
> 
> These non-login roles give read-only/write-only access to all objects.
> 
> Might be better as:
> 
> These non-login roles give read, or write, access to all tables, views,
> and sequences.
> 
> (These roles don't actually allow, for example, a function to be
> redefined, so saying 'all objects' isn't quite right either.)
> 
> While these roles could be used to create a 'read only' or 'write only'
> role, they, themselves, do not explicitly convey that on to a role
> because they don't do anything to prevent someone from GRANT'ing other
> rights to some role which has been GRANT'd these predefined roles.  I
> don't think anyone on this list thought differently from that, but the
> phrasing strikes me as potentially confusing.
> 
> Maybe another way would be:
> 
> These non-login roles give (only) read, or write, access to all tables,
> views, and sequences.
> 
> but I don't think saying 'only' there really adds anything and instead
> invites confusion.

OK, I went with this text:

        <listitem>
        <!--
        Author: Stephen Frost <sfr...@snowman.net>
        2021-04-05 [6c3ffd697] Add pg_read_all_data and pg_write_all_data roles
        -->
        
        <para>
        Add predefined roles <link
        
linkend="predefined-roles"><structname>pg_read_all_data</structname></link>
        and <structname>pg_write_all_data</structname> (Stephen Frost)
        </para>
        
        <para>
        These non-login roles can be used to give read or write permission to
        all tables, views, and sequences.
        </para>
        </listitem>

-- 
  Bruce Momjian  <br...@momjian.us>        https://momjian.us
  EDB                                      https://enterprisedb.com

  If only the physical world exists, free will is an illusion.

Reply via email to