diff --git a/doc/src/sgml/user-manag.sgml b/doc/src/sgml/user-manag.sgml
index 6106244d324..66f162703dd 100644
--- a/doc/src/sgml/user-manag.sgml
+++ b/doc/src/sgml/user-manag.sgml
@@ -530,9 +530,16 @@ DROP ROLE doomed_role;
Execute monitoring functions that may take ACCESS SHARE locks on tables,
potentially for a long time.
+
+ pg_monitor
+ Read/execute various monitoring views and functions.
+ This role is a member of pg_read_all_settings,
+ pg_read_all_stats and
+ pg_stat_scan_tables.
+
pg_signal_backend
- Send signals to other backends (eg: cancel query, terminate).
+ Signal another backend to cancel a query or terminate its session.
pg_read_server_files
@@ -549,27 +556,10 @@ DROP ROLE doomed_role;
Allow executing programs on the database server as the user the database runs as with
COPY and other functions which allow executing a server-side program.
-
- pg_monitor
- Read/execute various monitoring views and functions.
- This role is a member of pg_read_all_settings,
- pg_read_all_stats and
- pg_stat_scan_tables.
-
-
- The pg_read_server_files, pg_write_server_files and
- pg_execute_server_program roles are intended to allow administrators to have
- trusted, but non-superuser, roles which are able to access files and run programs on the
- database server as the user the database runs as. As these roles are able to access any file on
- the server file system, they bypass all database-level permission checks when accessing files
- directly and they could be used to gain superuser-level access, therefore care should be taken
- when granting these roles to users.
-
-
The pg_monitor, pg_read_all_settings,
pg_read_all_stats and pg_stat_scan_tables
@@ -579,6 +569,25 @@ DROP ROLE doomed_role;
other system information normally restricted to superusers.
+
+ The pg_signal_backend role is intended to allow
+ administrators to enable trusted, but non-superuser, roles to send signals
+ to other backends. Currently this role enables sending of signals for
+ canceling a query on another backend or terminating its session. A user
+ granted this role cannot however send signals to a backend owned by a
+ superuser. See .
+
+
+
+ The pg_read_server_files, pg_write_server_files and
+ pg_execute_server_program roles are intended to allow administrators to have
+ trusted, but non-superuser, roles which are able to access files and run programs on the
+ database server as the user the database runs as. As these roles are able to access any file on
+ the server file system, they bypass all database-level permission checks when accessing files
+ directly and they could be used to gain superuser-level access, therefore
+ great care should be taken when granting these roles to users.
+
+
Care should be taken when granting these roles to ensure they are only used where
needed and with the understanding that these roles grant access to privileged
@@ -586,8 +595,8 @@ DROP ROLE doomed_role;
- Administrators can grant access to these roles to users using the GRANT
- command:
+ Administrators can grant access to these roles to users using the
+ command, for example:
GRANT pg_signal_backend TO admin_user;