Delete description of trigger file
Hi, Standby database promotion by trigger file creation is no longer supported from v16, but its description is remained. So, I created a patch. Do you think? -- Regards, Shinya Kato NTT DATA GROUP CORPORATIONdiff --git a/doc/src/sgml/high-availability.sgml b/doc/src/sgml/high-availability.sgml index eb81260bbf..bd6e61ba8a 100644 --- a/doc/src/sgml/high-availability.sgml +++ b/doc/src/sgml/high-availability.sgml @@ -648,7 +648,7 @@ protocol to make nodes agree on a serializable transactional order. later disconnected, the standby goes back to step 1 and tries to restore the file from the archive again. This loop of retries from the archive, pg_wal, and via streaming replication goes on until the server -is stopped or failover is triggered by a trigger file. +is stopped.
Re: Delete description of trigger file
On 2023-12-01 16:01, Michael Paquier wrote: On Fri, Dec 01, 2023 at 11:54:14AM +0900, Shinya Kato wrote: later disconnected, the standby goes back to step 1 and tries to restore the file from the archive again. This loop of retries from the archive, pg_wal, and via streaming replication goes on until the server -is stopped or failover is triggered by a trigger file. +is stopped. Just removing this information looks incorrect to me, because a promotion would cause the retries to stop the WAL lookups. Shouldn't the last part of this sentence be reworded as of a "or is promoted"? Thanks for the review. Yes, that's true. A new patch is attached. -- Regards, Shinya Kato NTT DATA GROUP CORPORATIONdiff --git a/doc/src/sgml/high-availability.sgml b/doc/src/sgml/high-availability.sgml index eb81260bbf..9dd52ff275 100644 --- a/doc/src/sgml/high-availability.sgml +++ b/doc/src/sgml/high-availability.sgml @@ -648,7 +648,7 @@ protocol to make nodes agree on a serializable transactional order. later disconnected, the standby goes back to step 1 and tries to restore the file from the archive again. This loop of retries from the archive, pg_wal, and via streaming replication goes on until the server -is stopped or failover is triggered by a trigger file. +is stopped or is promoted.
Fix analyze_sampling docs in postgres-fdw.sgml
Hi! I fixed analyze_sampling docs in postgres-fdw.sgml. - Changed analyze_sampling type 'text' to 'string' - Add a statement 'The option specified on a table overrides an option specified for the server.' Do you think? Regards, Shinya Kato NTT DATA GROUP CORPORATIONdiff --git a/doc/src/sgml/postgres-fdw.sgml b/doc/src/sgml/postgres-fdw.sgml index 3c54a26c9a..13b0f46bbf 100644 --- a/doc/src/sgml/postgres-fdw.sgml +++ b/doc/src/sgml/postgres-fdw.sgml @@ -337,13 +337,14 @@ OPTIONS (ADD password_required 'false'); - analyze_sampling (text) + analyze_sampling (string) This option, which can be specified for a foreign table or a foreign server, determines if ANALYZE on a foreign table samples the data on the remote side, or reads and transfers all data - and performs the sampling locally. The supported values + and performs the sampling locally. The option specified on a table + overrides an option specified for the server. The supported values are off, random, system, bernoulli and auto. off disables remote
Question about role attributes docs
Hi! I have a question about the documentation on ROLE. According to [1], INHERIT and BYPASSRLS can be specified when executing the CREATE ROLE command. However, there is no such description in Role Attributes in [2]. Are these concepts different from Role Attributes? Or are they just not documented? If they need to be documented, I'll create a patch. [1] https://www.postgresql.org/docs/devel/sql-createrole.html [2] https://www.postgresql.org/docs/devel/role-attributes.html -- Regards, -- Shinya Kato Advanced Computing Technology Center Research and Development Headquarters NTT DATA CORPORATION
Re: Question about role attributes docs
On 2022-01-12 02:07, Laurenz Albe wrote: On Tue, 2022-01-11 at 16:40 +0900, Shinya Kato wrote: I have a question about the documentation on ROLE. According to [1], INHERIT and BYPASSRLS can be specified when executing the CREATE ROLE command. However, there is no such description in Role Attributes in [2]. Are these concepts different from Role Attributes? Or are they just not documented? If they need to be documented, I'll create a patch. [1] https://www.postgresql.org/docs/devel/sql-createrole.html [2] https://www.postgresql.org/docs/devel/role-attributes.html I think that is indeed an omission, and adding documentation would be a good idea. Thanks! I created the patch, and attached it. On the other hand, a lot of that information is more or less a duplicate of the CREATE ROLE documentation. I wonder if the latter page could be removed altogether. I think there is certainly a lot of overlap. However, I think that the SQL commands page and the database roles page should exist separately, and should be maintained as they are because there are parts that do not overlap (for example, IN ROLE and ADMIN). -- Regards, -- Shinya Kato Advanced Computing Technology Center Research and Development Headquarters NTT DATA CORPORATIONdiff --git a/doc/src/sgml/user-manag.sgml b/doc/src/sgml/user-manag.sgml index 9067be1d9c..cf6adb3436 100644 --- a/doc/src/sgml/user-manag.sgml +++ b/doc/src/sgml/user-manag.sgml @@ -236,6 +236,42 @@ CREATE USER name; + + + inheritance of privilegesroleprivilege to inherit + + +A role is needed to permission to inherit privileges of roles it is a member of. +(except for superusers, since those bypass all permission checks). +If not specified, INHERIT is the default, so to create such a role, use either: + +CREATE ROLE name INHERIT; +CREATE ROLE name; + + + + + + + bypass row-level securityroleprivilege to bypass + + +A role must be explicitly given permission to bypass row-level security (RLS) policy. +(except for superusers, since those bypass all permission checks). +To create such a role, use CREATE ROLE name BYPASSRLS. + + + + + + connection limitroleprivilege to limit connection + + +Connection limit can specify how many concurrent connections a role can make. +-1 (the default) means no limit. To create such a role, use CREATE ROLE name CONNECTION LIMIT connlimit LOGIN. + + + A role's attributes can be modified after creation with
Re: Question about role attributes docs
On 2022-02-16 06:39, Swaha Miller wrote: On Tue, Feb 15, 2022 at 1:32 PM Shinya Kato wrote: On 2022-01-12 02:07, Laurenz Albe wrote: On Tue, 2022-01-11 at 16:40 +0900, Shinya Kato wrote: I have a question about the documentation on ROLE. According to [1], INHERIT and BYPASSRLS can be specified when executing the CREATE ROLE command. However, there is no such description in Role Attributes in [2]. Are these concepts different from Role Attributes? Or are they just not documented? If they need to be documented, I'll create a patch. [1] https://www.postgresql.org/docs/devel/sql-createrole.html [2] https://www.postgresql.org/docs/devel/role-attributes.html I think that is indeed an omission, and adding documentation would be a good idea. Thanks! I created the patch, and attached it. On the other hand, a lot of that information is more or less a duplicate of the CREATE ROLE documentation. I wonder if the latter page could be removed altogether. I think there is certainly a lot of overlap. However, I think that the SQL commands page and the database roles page should exist separately, and should be maintained as they are because there are parts that do not overlap (for example, IN ROLE and ADMIN). -- Regards, -- Shinya Kato Advanced Computing Technology Center Research and Development Headquarters NTT DATA CORPORATION May I suggest replacing the following verbiage in your patch +A role is needed to permission to inherit privileges of roles it is a member of. +(except for superusers, since those bypass all permission checks). +If not specified, INHERIT is the default, so to create such a role, use either: with clearer wording such as the following: A role can explicitly be restricted at time of creation from inheriting privileges of roles it is a member of (except for superusers, since those bypass all permission checks.) Restricting privileges is done by the NOINHERIT option. If no option is specified, INHERIT is the default. So to create a role that inherits privileges, use either: Regards, Swaha Miller Amazon Web Services Thank you for the review, and sorry for late reply. I fixed it. -- Regards, -- Shinya Kato Advanced Computing Technology Center Research and Development Headquarters NTT DATA CORPORATIONdiff --git a/doc/src/sgml/user-manag.sgml b/doc/src/sgml/user-manag.sgml index 9067be1d9c..fb9f382c92 100644 --- a/doc/src/sgml/user-manag.sgml +++ b/doc/src/sgml/user-manag.sgml @@ -236,6 +236,44 @@ CREATE USER name; + + + inheritance of privilegesroleprivilege to inherit + + +A role can explicitly be restricted at time of creation from inheriting privileges of +roles it is a member of (except for superusers, since those bypass all permission checks.) +Restricting privileges is done by the NOINHERIT option. +If no option is specified, INHERIT is the default. So to create a role that inherits +privileges, use either: + +CREATE ROLE name INHERIT; +CREATE ROLE name; + + + + + + + bypass row-level securityroleprivilege to bypass + + +A role must be explicitly given permission to bypass row-level security (RLS) policy. +(except for superusers, since those bypass all permission checks). +To create such a role, use CREATE ROLE name BYPASSRLS. + + + + + + connection limitroleprivilege to limit connection + + +Connection limit can specify how many concurrent connections a role can make. +-1 (the default) means no limit. To create such a role, use CREATE ROLE name CONNECTION LIMIT connlimit LOGIN. + + + A role's attributes can be modified after creation with
Re: Question about role attributes docs
On 2022-07-23 00:35, Fujii Masao wrote: On 2022/03/17 17:56, Shinya Kato wrote: Thank you for the review, and sorry for late reply. I fixed it. Thanks for updating the patch! Thank you for the review! I found that the patch has two trailing whitespaces. Sorry, I fixed them. +A role can explicitly be restricted at time of creation from inheriting privileges of +roles it is a member of (except for superusers, since those bypass all permission checks.) +Restricting privileges is done by the NOINHERIT option. +If no option is specified, INHERIT is the default. So to create a role that inherits +privileges, use either: It sounds strange to me that restriction of inheritance is explained at the beginning. Instead, something like the following is more intuitive and easy-to-understand to users? A role is given permission to inherit the privileges of roles it is a member of, by default. However, to create a role without the permission, use CREATE ROLE name NOINHERIT. +A role must be explicitly given permission to bypass row-level security (RLS) policy. +(except for superusers, since those bypass all permission checks). Like CREATE ROLE docs does, isn't it better to add "every" just before "row-level"? A dot just between "policy" and "(except" should be removed. + bypass row-level securityroleprivilege to bypass "bypass" should be "bypassing" or something because a noun is used for each entry title in other places? +To create such a role, use CREATE ROLE name BYPASSRLS. Isn't it better to add "as a superuser" just after "BYPASSRLS" because only a superuser can create a new role having the BYPASSRLS attribute? +-1 (the default) means no limit. To create such a role, use CREATE ROLE name CONNECTION LIMIT connlimit LOGIN. "To create such a role" sounds odd to me in this context. Instead, how about something like "Specify connection limit upon role creation with CREATE ROLE name CONNECTION LIMIT 'integer'."? I agree with what you say. I fixed everything. -- Regards, -- Shinya Kato Advanced Computing Technology Center Research and Development Headquarters NTT DATA CORPORATIONdiff --git a/doc/src/sgml/user-manag.sgml b/doc/src/sgml/user-manag.sgml index 6e36b8..54cb253d95 100644 --- a/doc/src/sgml/user-manag.sgml +++ b/doc/src/sgml/user-manag.sgml @@ -236,6 +236,39 @@ CREATE USER name; + + + inheritance of privilegesroleprivilege to inherit + + +A role is given permission to inherit the privileges of roles it is a +member of, by default. However, to create a role without the permission, +use CREATE ROLE name NOINHERIT. + + + + + + bypassing row-level securityroleprivilege to bypass + + +A role must be explicitly given permission to bypass every row-level security (RLS) policy +(except for superusers, since those bypass all permission checks). +To create such a role, use CREATE ROLE name BYPASSRLS as a superuser. + + + + + + connection limitroleprivilege to limit connection + + +Connection limit can specify how many concurrent connections a role can make. +-1 (the default) means no limit. Specify connection limit upon role creation with +CREATE ROLE name CONNECTION LIMIT 'integer'. + + + A role's attributes can be modified after creation with
Re: Document reopen of output file via SIGHUP in pg_recvlogical
On Fri, Jul 18, 2025 at 12:33 PM Fujii Masao wrote: > > > > On 2025/07/18 11:35, Shinya Kato wrote: > > On Thu, Jul 10, 2025 at 4:48 PM Fujii Masao > > wrote: > >> > >> Hi, > >> > >> pg_recvlogical continuously writes to the file specified with the --file > >> option, > >> which means the output file can grow indefinitely. To manage file size, > >> some users may want to rotate the output periodically. > >> > >> While reviewing the source code to find the way to rotate the file, I > >> noticed > >> that pg_recvlogical reopens the output file when it receives a SIGHUP > >> signal. > >> This makes file rotation possible: we can rename the current output file > >> and > >> then send a SIGHUP to pg_recvlogical, which will close the renamed file and > >> open a new one with the same original name. > >> > >> This is a useful feature, but it's currently undocumented. So I'd like to > >> apply the attached patch that adds this information to the documentation. > >> Thought? > > > > Agreed. > > I have confirmed the behavior and I think it should be documented. > > > > Your patch looks good, except that you should use "specified by" > > instead of "given with" to be consistent with the other documents. > > Thanks for the review! I've updated the patch as suggested. > The revised version is attached. > > Unless there are any objections, I will commit and back-patch it to v13. > > Regards, > > -- > Fujii Masao > NTT DATA Japan Corporation Thanks for updating the patch. LGTM. -- Best regards, Shinya Kato NTT OSS Center
Re: Document reopen of output file via SIGHUP in pg_recvlogical
On Thu, Jul 10, 2025 at 4:48 PM Fujii Masao wrote: > > Hi, > > pg_recvlogical continuously writes to the file specified with the --file > option, > which means the output file can grow indefinitely. To manage file size, > some users may want to rotate the output periodically. > > While reviewing the source code to find the way to rotate the file, I noticed > that pg_recvlogical reopens the output file when it receives a SIGHUP signal. > This makes file rotation possible: we can rename the current output file and > then send a SIGHUP to pg_recvlogical, which will close the renamed file and > open a new one with the same original name. > > This is a useful feature, but it's currently undocumented. So I'd like to > apply the attached patch that adds this information to the documentation. > Thought? Agreed. I have confirmed the behavior and I think it should be documented. Your patch looks good, except that you should use "specified by" instead of "given with" to be consistent with the other documents. -- Best regards, Shinya Kato NTT OSS Center
