Hi,
I noticed that we don't document that you need to own the object being
modified by SECURITY LABEL.
Page: https://www.postgresql.org/docs/current/sql-security-label.html
I've attached a patch that would have answered that question (for me)
without diving into the code.
Thanks,
Patrick
From 318a37a35f1b9f1915ae03df869fb51b04f1353e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Patrick=20St=C3=A4hlin?= <m...@packi.ch>
Date: Thu, 5 Jun 2025 15:10:01 +0200
Subject: [PATCH] Document ownership requirement for SECURITY LABEL
Clarify that you need ownership of objects you issue SECURITY LABEL on.
---
doc/src/sgml/ref/security_label.sgml | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/doc/src/sgml/ref/security_label.sgml b/doc/src/sgml/ref/security_label.sgml
index e5e5fb483e9..ddcf92c967e 100644
--- a/doc/src/sgml/ref/security_label.sgml
+++ b/doc/src/sgml/ref/security_label.sgml
@@ -84,6 +84,10 @@ SECURITY LABEL [ FOR <replaceable class="parameter">provider</replaceable> ] ON
based on object labels, rather than traditional discretionary access control
(DAC) concepts such as users and groups.
</para>
+
+ <para>
+ You must own the database object to use the <command>SECURITY LABEL</command>.
+ </para>
</refsect1>
<refsect1>
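Review bot: In the added paragraph, "to use the <command>SECURITY LABEL</command>." has a dangling article; either drop "the" or finish the phrase as "the <command>SECURITY LABEL</command> command". The new sentence also follows directly after context saying label providers make decisions "rather than traditional discretionary access control (DAC) concepts such as users and groups", so a reader may be unsure how an ownership rule fits with that; consider wording it so it is clear that ownership is what is required to issue the command on an object, for example "You must own the database object to use <command>SECURITY LABEL</command> on it."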
--
2.48.1