mirror of https://github.com/postgres/postgres.git synced 2025-07-28 23:42:10 +03:00

doc: PG 16 relnotes, merge and adjust CREATEROLE items

Reported-by: Noah Misch

Discussion: https://postgr.es/m/20230805230847.GA1370050@rfd.leadboat.com

Backpatch-through: 16 only
Bruce Momjian
2023-08-09 18:01:50 -04:00
parent 89cadf30c6
commit 6e1d1c5848


@ -244,6 +244,24 @@ Collations and locales can vary between databases so having them as read-only se
</para>
</listitem>
<!--
Author: Robert Haas <rhaas@postgresql.org>
2023-01-10 [cf5eb37c5] Restrict the privileges of CREATEROLE users.
Author: Robert Haas <rhaas@postgresql.org>
2023-01-24 [f1358ca52] Adjust interaction of CREATEROLE with role properties.
-->
<listitem>
<para>
Restrict the privileges of CREATEROLE and its ability to modify other roles (Robert Haas)
</para>
<para>
Previously roles with CREATEROLE privileges could change many aspects of any non-superuser role. Such changes, including adding members, now require the role requesting the change to have ADMIN OPTION
permission. For example, they can now change the CREATEDB, REPLICATION, and BYPASSRLS properties only if they also have those permissions.
</para>
</listitem>
<!--
Author: Nathan Bossart <nathan@postgresql.org>
2023-05-21 [2dcd1578c] Rename some createuser options.
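Review bot: In the merged paragraph, the sentence "For example, they can now change the CREATEDB, REPLICATION, and BYPASSRLS properties only if they also have those permissions" now directly follows the sentence about ADMIN OPTION, so it reads as an instance of the ADMIN OPTION requirement. It actually states a separate condition: the requesting role must itself hold the property it wants to set. In the two items this paragraph replaces, that sentence stood in its own entry, which kept the two rules apart. Suggest replacing "For example," with "Additionally," or similar, and having the preceding sentence say on which role the ADMIN OPTION must be held, since "to have ADMIN OPTION permission" leaves that open. Minor: "Previously roles" wants a comma after "Previously".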
@ -822,37 +840,6 @@ Previously CREATEROLE permission was required.
</para>
</listitem>
<!--
Author: Robert Haas <rhaas@postgresql.org>
2023-01-10 [cf5eb37c5] Restrict the privileges of CREATEROLE users.
-->
<listitem>
<para>
Restrict the privileges of CREATEROLE roles (Robert Haas)
</para>
<para>
Previously roles with CREATEROLE privileges could change many aspects of any non-superuser role. Such changes, including adding members, now require the role requesting the change to have ADMIN OPTION
permission.
</para>
</listitem>
<!--
Author: Robert Haas <rhaas@postgresql.org>
2023-01-24 [f1358ca52] Adjust interaction of CREATEROLE with role properties.
-->
<listitem>
<para>
Improve logic of CREATEROLE roles ability to control other roles (Robert Haas)
</para>
<para>
For example, they can change the CREATEDB, REPLICATION, and BYPASSRLS properties only if they also have those permissions.
</para>
</listitem>
<!--
Author: Robert Haas <rhaas@postgresql.org>
2022-08-25 [e3ce2de09] Allow grant-level control of role inheritance behavior.