database/postgres
1
0
Fork 0
mirror of https://github.com/postgres/postgres.git synced 2025-08-30 06:01:21 +03:00
Code Activity

Add "pg_database_owner" default role.

Browse Source 
Membership consists, implicitly, of the current database owner.  Expect
use in template databases.  Once pg_database_owner has rights within a
template, each owner of a database instantiated from that template will
exercise those rights.

Reviewed by John Naylor.

Discussion: https://postgr.es/m/20201228043148.GA1053024@rfd.leadboat.com
This commit is contained in:
Noah Misch
2021-03-26 10:42:17 -07:00
parent f687bf61ed
commit a14a0118a1
11 changed files with 207 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
doc/src/sgml/catalogs.sgml
View File

@@ -10138,6 +10138,9 @@ SCRAM-SHA-256$<replaceable>&lt;iteration count&gt;</replaceable>:<replaceable>&l
<primary>pg_group</primary>
</indexterm>
<!-- Unlike information_schema.applicable_roles, this shows no members for
pg_database_owner. The v8.1 catalog would have shown no members if
that role had existed at the time. -->
<para>
The view <structname>pg_group</structname> exists for backwards
compatibility: it emulates a catalog that existed in

15
doc/src/sgml/user-manag.sgml
View File

@@ -540,6 +540,10 @@ DROP ROLE doomed_role;
<literal>pg_read_all_stats</literal> and
<literal>pg_stat_scan_tables</literal>.</entry>
</row>
<row>
<entry>pg_database_owner</entry>
<entry>None. Membership consists, implicitly, of the current database owner.</entry>
</row>
<row>
<entry>pg_signal_backend</entry>
<entry>Signal another backend to cancel a query or terminate its session.</entry>
@@ -572,6 +576,17 @@ DROP ROLE doomed_role;
other system information normally restricted to superusers.
</para>
<para>
The <literal>pg_database_owner</literal> role has one implicit,
situation-dependent member, namely the owner of the current database. The
role conveys no rights at first. Like any role, it can own objects or
receive grants of access privileges. Consequently, once
<literal>pg_database_owner</literal> has rights within a template database,
each owner of a database instantiated from that template will exercise those
rights. <literal>pg_database_owner</literal> cannot be a member of any
role, and it cannot have non-implicit members.
</para>
<para>
The <literal>pg_signal_backend</literal> role is intended to allow
administrators to enable trusted, but non-superuser, roles to send signals