On 10.06.20 17:53, Alvaro Herrera wrote:
On 2020-Jun-10, Laurenz Albe wrote:
On Tue, 2020-06-09 at 21:34 +0000, PG Doc comments form wrote:
Having read through the documentation on roles/granting I think I more or
less understand how it works, but what isn't really clarified is what the
overall universe of permissions that can be granted looks like. For example
I still didn't realize that to create a schema, you need to "GRANT CREATE"
to the role on the database before the role is allowed to do that. It's hard
to make a mental map of everything that a new role might need when I am
creating it.
That would be material for a tutorial rather than a documentation.
... but our documentation *does* have a tutorial, which could perhaps
gain a section about privileges.
What permissions issues do users typically struggle with? I personally
have seen no problems in this area. Stephen sends one example; can you
send more examples - or even a short text or a sketch of what you expect
to be in the documentation?
More general: Is it a real problem? My experience is that in most cases
permissions are handled at the application level, not at the database
level. Is it worth to give more details? I don't think so. But it may be
a good idea to follow Stephen's suggestion and put an introductory
summary to the tutorial chapter.
--
Jürgen Purtz
