On Tue, 26 Sept 2023 at 04:38, Nathan Bossart <nathandboss...@gmail.com> wrote: > > On Fri, Sep 15, 2023 at 02:25:38PM -0700, Yurii Rashkovskii wrote: > > Thank you for the feedback. I've updated the glossary and updated the > > terminology to be consistent. Please see the new patch attached. > > Thanks for the new version of the patch. > > This user owns all system catalog tables in each database. It is also > the role > from which all granted permissions originate. Because of these things, > this > - role may not be dropped. > + role may not be dropped. This role must always be a superuser, it can't > be changed > + to be a non-superuser. > > I think we should move this note to the sentence just below that mentions > its superuserness. Maybe it could look something like this: > > This role also behaves as a normal database superuser, and its > superuser status cannot be revoked.
Modified > + Database superusers can change any of these settings for any role, except > for > + changing <literal>SUPERUSER</literal> to <literal>NOSUPERUSER</literal> > + for a <glossterm linkend="glossary-bootstrap-superuser">bootstrap > superuser</glossterm>. > > nitpick: s/a bootstrap superuser/the bootstrap superuser Modified > #: commands/user.c:871 > #, c-format > -msgid "The bootstrap user must have the %s attribute." > +msgid "The bootstrap superuser must have the %s attribute." > msgstr "Der Bootstrap-Benutzer muss das %s-Attribut haben." > > No need to update the translation files. Those are updated separately in > the pgtranslation repo. Removed the translation changes The attached v3 version patch has the changes for the same. Regards, Vignesh
From 0b92a0abfbd759a295eb8d5ec80d9203486a0e46 Mon Sep 17 00:00:00 2001 From: Yurii Rashkovskii <yra...@gmail.com> Date: Fri, 15 Sep 2023 11:41:46 -0700 Subject: [PATCH v3] Improve ALTER ROLE documentation to document current behavior. Previously, this was possible (assuming current_user is a bootstrap user): ``` ALTER ROLE current_user NOSUPERUSER ``` However, as of 16.0 this is no longer allowed: ``` ERROR: permission denied to alter role DETAIL: The bootstrap user must have the SUPERUSER attribute. ``` Also, update the term across the board to use "bootstrap superuser" --- doc/src/sgml/glossary.sgml | 3 ++- doc/src/sgml/ref/alter_role.sgml | 4 +++- doc/src/sgml/user-manag.sgml | 2 +- src/backend/commands/user.c | 2 +- 4 files changed, 7 insertions(+), 4 deletions(-) diff --git a/doc/src/sgml/glossary.sgml b/doc/src/sgml/glossary.sgml index 5815fa4471..5839094fce 100644 --- a/doc/src/sgml/glossary.sgml +++ b/doc/src/sgml/glossary.sgml @@ -247,7 +247,8 @@ </para> <para> This role also behaves as a normal - <glossterm linkend="glossary-database-superuser">database superuser</glossterm>. + <glossterm linkend="glossary-database-superuser">database superuser</glossterm>, + and its superuser status cannot be revoked. </para> </glossdef> </glossentry> diff --git a/doc/src/sgml/ref/alter_role.sgml b/doc/src/sgml/ref/alter_role.sgml index ab1ee45d54..361bae27c3 100644 --- a/doc/src/sgml/ref/alter_role.sgml +++ b/doc/src/sgml/ref/alter_role.sgml @@ -69,7 +69,9 @@ ALTER ROLE { <replaceable class="parameter">role_specification</replaceable> | A <link linkend="sql-grant"><command>GRANT</command></link> and <link linkend="sql-revoke"><command>REVOKE</command></link> for that.) Attributes not mentioned in the command retain their previous settings. - Database superusers can change any of these settings for any role. + Database superusers can change any of these settings for any role, except for + changing <literal>SUPERUSER</literal> to <literal>NOSUPERUSER</literal> + for the <glossterm linkend="glossary-bootstrap-superuser">bootstrap superuser</glossterm>. Non-superuser roles having <literal>CREATEROLE</literal> privilege can change most of these properties, but only for non-superuser and non-replication roles for which they have been granted diff --git a/doc/src/sgml/user-manag.sgml b/doc/src/sgml/user-manag.sgml index 92a299d2d3..1c011ac62b 100644 --- a/doc/src/sgml/user-manag.sgml +++ b/doc/src/sgml/user-manag.sgml @@ -350,7 +350,7 @@ ALTER ROLE myname SET enable_indexscan TO off; options. Thus, the fact that privileges are not inherited by default nor is <literal>SET ROLE</literal> granted by default is a safeguard against accidents, not a security feature. Also note that, because this automatic - grant is granted by the bootstrap user, it cannot be removed or changed by + grant is granted by the bootstrap superuser, it cannot be removed or changed by the <literal>CREATEROLE</literal> user; however, any superuser could revoke it, modify it, and/or issue additional such grants to other <literal>CREATEROLE</literal> users. Whichever <literal>CREATEROLE</literal> diff --git a/src/backend/commands/user.c b/src/backend/commands/user.c index 7e81589711..7a9c177b21 100644 --- a/src/backend/commands/user.c +++ b/src/backend/commands/user.c @@ -868,7 +868,7 @@ AlterRole(ParseState *pstate, AlterRoleStmt *stmt) ereport(ERROR, (errcode(ERRCODE_FEATURE_NOT_SUPPORTED), errmsg("permission denied to alter role"), - errdetail("The bootstrap user must have the %s attribute.", + errdetail("The bootstrap superuser must have the %s attribute.", "SUPERUSER"))); new_record[Anum_pg_authid_rolsuper - 1] = BoolGetDatum(should_be_super); -- 2.34.1