On Sun, Aug 28, 2022 at 09:33:40PM +0000, PG Doc comments form wrote: > The following documentation comment has been logged on the website: > > Page: https://www.postgresql.org/docs/14/role-membership.html > Description: > > In § 22.3 there's a paragraph stating > > > Immediately after connecting as role joe, a database session will have use > of privileges granted directly to joe plus any privileges granted to admin, > because joe “inherits” admin's privileges. > > But in the code block directly presiding that paragraph contain the command > `CREATE ROLE admin NOINHERIT;`.
Uh, the text says: NOINHERIT These clauses determine whether a role “inherits” the privileges of roles it is a member of. A role with the INHERIT attribute can automatically use whatever database privileges have been granted to all roles it is directly or indirectly a member of. Without INHERIT, membership in another role only grants the ability to SET ROLE to that other role; the privileges of the other role are only available after having done so. If not specified, INHERIT is the default. The controls whether the role being created inherits anything, not how role members behave. -- Bruce Momjian <br...@momjian.us> https://momjian.us EDB https://enterprisedb.com Indecision is a decision. Inaction is an action. Mark Batterson