Hi,

I noticed that we don't document that you need to own the object being modified by SECURITY LABEL.

Page: https://www.postgresql.org/docs/current/sql-security-label.html

I've attached a patch that would have answered that question (for me) without diving into the code.

Thanks,
Patrick
From 318a37a35f1b9f1915ae03df869fb51b04f1353e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Patrick=20St=C3=A4hlin?= <m...@packi.ch>
Date: Thu, 5 Jun 2025 15:10:01 +0200
Subject: [PATCH] Document ownership requirement for SECURITY LABEL

Clarify that you need ownership of objects you issue SECURITY LABEL on.
---
 doc/src/sgml/ref/security_label.sgml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/doc/src/sgml/ref/security_label.sgml b/doc/src/sgml/ref/security_label.sgml
index e5e5fb483e9..ddcf92c967e 100644
--- a/doc/src/sgml/ref/security_label.sgml
+++ b/doc/src/sgml/ref/security_label.sgml
@@ -84,6 +84,10 @@ SECURITY LABEL [ FOR <replaceable class="parameter">provider</replaceable> ] ON
    based on object labels, rather than traditional discretionary access control
    (DAC) concepts such as users and groups.
   </para>
+
+  <para>
+   You must own the database object to use the <command>SECURITY LABEL</command>.
+  </para>
  </refsect1>
 
  <refsect1>
-- 
2.48.1

Reply via email to