On Tue, 26 Sept 2023 at 04:38, Nathan Bossart <nathandboss...@gmail.com> wrote:
>
> On Fri, Sep 15, 2023 at 02:25:38PM -0700, Yurii Rashkovskii wrote:
> > Thank you for the feedback. I've updated the glossary and updated the
> > terminology to be consistent. Please see the new patch attached.
>
> Thanks for the new version of the patch.
>
> This user owns all system catalog tables in each database. It is also
> the role
> from which all granted permissions originate. Because of these things,
> this
> - role may not be dropped.
> + role may not be dropped. This role must always be a superuser, it can't
> be changed
> + to be a non-superuser.
>
> I think we should move this note to the sentence just below that mentions
> its superuserness. Maybe it could look something like this:
>
> This role also behaves as a normal database superuser, and its
> superuser status cannot be revoked.
Modified
> + Database superusers can change any of these settings for any role, except
> for
> + changing <literal>SUPERUSER</literal> to <literal>NOSUPERUSER</literal>
> + for a <glossterm linkend="glossary-bootstrap-superuser">bootstrap
> superuser</glossterm>.
>
> nitpick: s/a bootstrap superuser/the bootstrap superuser
Modified
> #: commands/user.c:871
> #, c-format
> -msgid "The bootstrap user must have the %s attribute."
> +msgid "The bootstrap superuser must have the %s attribute."
> msgstr "Der Bootstrap-Benutzer muss das %s-Attribut haben."
>
> No need to update the translation files. Those are updated separately in
> the pgtranslation repo.
Removed the translation changes
The attached v3 version patch has the changes for the same.
Regards,
Vignesh
From 0b92a0abfbd759a295eb8d5ec80d9203486a0e46 Mon Sep 17 00:00:00 2001
From: Yurii Rashkovskii <yra...@gmail.com>
Date: Fri, 15 Sep 2023 11:41:46 -0700
Subject: [PATCH v3] Improve ALTER ROLE documentation to document current
behavior.
Previously, this was possible (assuming current_user is a bootstrap user):
```
ALTER ROLE current_user NOSUPERUSER
```
However, as of 16.0 this is no longer allowed:
```
ERROR: permission denied to alter role
DETAIL: The bootstrap user must have the SUPERUSER attribute.
```
Also, update the term across the board to use "bootstrap superuser"
---
doc/src/sgml/glossary.sgml | 3 ++-
doc/src/sgml/ref/alter_role.sgml | 4 +++-
doc/src/sgml/user-manag.sgml | 2 +-
src/backend/commands/user.c | 2 +-
4 files changed, 7 insertions(+), 4 deletions(-)
diff --git a/doc/src/sgml/glossary.sgml b/doc/src/sgml/glossary.sgml
index 5815fa4471..5839094fce 100644
--- a/doc/src/sgml/glossary.sgml
+++ b/doc/src/sgml/glossary.sgml
@@ -247,7 +247,8 @@
</para>
<para>
This role also behaves as a normal
- <glossterm linkend="glossary-database-superuser">database superuser</glossterm>.
+ <glossterm linkend="glossary-database-superuser">database superuser</glossterm>,
+ and its superuser status cannot be revoked.
</para>
</glossdef>
</glossentry>
diff --git a/doc/src/sgml/ref/alter_role.sgml b/doc/src/sgml/ref/alter_role.sgml
index ab1ee45d54..361bae27c3 100644
--- a/doc/src/sgml/ref/alter_role.sgml
+++ b/doc/src/sgml/ref/alter_role.sgml
@@ -69,7 +69,9 @@ ALTER ROLE { <replaceable class="parameter">role_specification</replaceable> | A
<link linkend="sql-grant"><command>GRANT</command></link> and
<link linkend="sql-revoke"><command>REVOKE</command></link> for that.)
Attributes not mentioned in the command retain their previous settings.
- Database superusers can change any of these settings for any role.
+ Database superusers can change any of these settings for any role, except for
+ changing <literal>SUPERUSER</literal> to <literal>NOSUPERUSER</literal>
+ for the <glossterm linkend="glossary-bootstrap-superuser">bootstrap superuser</glossterm>.
Non-superuser roles having <literal>CREATEROLE</literal> privilege can
change most of these properties, but only for non-superuser and
non-replication roles for which they have been granted
diff --git a/doc/src/sgml/user-manag.sgml b/doc/src/sgml/user-manag.sgml
index 92a299d2d3..1c011ac62b 100644
--- a/doc/src/sgml/user-manag.sgml
+++ b/doc/src/sgml/user-manag.sgml
@@ -350,7 +350,7 @@ ALTER ROLE myname SET enable_indexscan TO off;
options. Thus, the fact that privileges are not inherited by default nor
is <literal>SET ROLE</literal> granted by default is a safeguard against
accidents, not a security feature. Also note that, because this automatic
- grant is granted by the bootstrap user, it cannot be removed or changed by
+ grant is granted by the bootstrap superuser, it cannot be removed or changed by
the <literal>CREATEROLE</literal> user; however, any superuser could
revoke it, modify it, and/or issue additional such grants to other
<literal>CREATEROLE</literal> users. Whichever <literal>CREATEROLE</literal>
diff --git a/src/backend/commands/user.c b/src/backend/commands/user.c
index 7e81589711..7a9c177b21 100644
--- a/src/backend/commands/user.c
+++ b/src/backend/commands/user.c
@@ -868,7 +868,7 @@ AlterRole(ParseState *pstate, AlterRoleStmt *stmt)
ereport(ERROR,
(errcode(ERRCODE_FEATURE_NOT_SUPPORTED),
errmsg("permission denied to alter role"),
- errdetail("The bootstrap user must have the %s attribute.",
+ errdetail("The bootstrap superuser must have the %s attribute.",
"SUPERUSER")));
new_record[Anum_pg_authid_rolsuper - 1] = BoolGetDatum(should_be_super);
--
2.34.1
