@@ -530,9 +530,16 @@ DROP ROLE doomed_role;
530530 <entry>Execute monitoring functions that may take <literal>ACCESS SHARE</literal> locks on tables,
531531 potentially for a long time.</entry>
532532 </row>
533+ <row>
534+ <entry>pg_monitor</entry>
535+ <entry>Read/execute various monitoring views and functions.
536+ This role is a member of <literal>pg_read_all_settings</literal>,
537+ <literal>pg_read_all_stats</literal> and
538+ <literal>pg_stat_scan_tables</literal>.</entry>
539+ </row>
533540 <row>
534541 <entry>pg_signal_backend</entry>
535- <entry>Send signals to other backends (eg: cancel query, terminate) .</entry>
542+ <entry>Signal another backend to cancel a query or terminate its session .</entry>
536543 </row>
537544 <row>
538545 <entry>pg_read_server_files</entry>
@@ -549,27 +556,10 @@ DROP ROLE doomed_role;
549556 <entry>Allow executing programs on the database server as the user the database runs as with
550557 COPY and other functions which allow executing a server-side program.</entry>
551558 </row>
552- <row>
553- <entry>pg_monitor</entry>
554- <entry>Read/execute various monitoring views and functions.
555- This role is a member of <literal>pg_read_all_settings</literal>,
556- <literal>pg_read_all_stats</literal> and
557- <literal>pg_stat_scan_tables</literal>.</entry>
558- </row>
559559 </tbody>
560560 </tgroup>
561561 </table>
562562
563- <para>
564- The <literal>pg_read_server_files</literal>, <literal>pg_write_server_files</literal> and
565- <literal>pg_execute_server_program</literal> roles are intended to allow administrators to have
566- trusted, but non-superuser, roles which are able to access files and run programs on the
567- database server as the user the database runs as. As these roles are able to access any file on
568- the server file system, they bypass all database-level permission checks when accessing files
569- directly and they could be used to gain superuser-level access, therefore care should be taken
570- when granting these roles to users.
571- </para>
572-
573563 <para>
574564 The <literal>pg_monitor</literal>, <literal>pg_read_all_settings</literal>,
575565 <literal>pg_read_all_stats</literal> and <literal>pg_stat_scan_tables</literal>
@@ -579,15 +569,34 @@ DROP ROLE doomed_role;
579569 other system information normally restricted to superusers.
580570 </para>
581571
572+ <para>
573+ The <literal>pg_signal_backend</literal> role is intended to allow
574+ administrators to enable trusted, but non-superuser, roles to send signals
575+ to other backends. Currently this role enables sending of signals for
576+ canceling a query on another backend or terminating its session. A user
577+ granted this role cannot however send signals to a backend owned by a
578+ superuser. See <xref linkend="functions-admin-signal"/>.
579+ </para>
580+
581+ <para>
582+ The <literal>pg_read_server_files</literal>, <literal>pg_write_server_files</literal> and
583+ <literal>pg_execute_server_program</literal> roles are intended to allow administrators to have
584+ trusted, but non-superuser, roles which are able to access files and run programs on the
585+ database server as the user the database runs as. As these roles are able to access any file on
586+ the server file system, they bypass all database-level permission checks when accessing files
587+ directly and they could be used to gain superuser-level access, therefore
588+ great care should be taken when granting these roles to users.
589+ </para>
590+
582591 <para>
583592 Care should be taken when granting these roles to ensure they are only used where
584593 needed and with the understanding that these roles grant access to privileged
585594 information.
586595 </para>
587596
588597 <para>
589- Administrators can grant access to these roles to users using the GRANT
590- command:
598+ Administrators can grant access to these roles to users using the
599+ <xref linkend="sql-grant"/> command, for example :
591600
592601<programlisting>
593602GRANT pg_signal_backend TO admin_user;
0 commit comments