Skip to content

Commit 6e1d1c5

Browse files
bmomjianbmomjian
committed
doc: PG 16 relnotes, merge and adjust CREATEROLE items
Reported-by: Noah Misch Discussion: https://postgr.es/m/20230805230847.GA1370050@rfd.leadboat.com Backpatch-through: 16 only
1 parent 89cadf3 commit 6e1d1c5

File tree

1 file changed

+18
-31
lines changed

1 file changed

+18
-31
lines changed

doc/src/sgml/release-16.sgml

Lines changed: 18 additions & 31 deletions
Original file line numberDiff line numberDiff line change
@@ -244,6 +244,24 @@ Collations and locales can vary between databases so having them as read-only se
244244
</para>
245245
</listitem>
246246

247+
<!--
248+
Author: Robert Haas <rhaas@postgresql.org>
249+
2023-01-10 [cf5eb37c5] Restrict the privileges of CREATEROLE users.
250+
Author: Robert Haas <rhaas@postgresql.org>
251+
2023-01-24 [f1358ca52] Adjust interaction of CREATEROLE with role properties.
252+
-->
253+
254+
<listitem>
255+
<para>
256+
Restrict the privileges of CREATEROLE and its ability to modify other roles (Robert Haas)
257+
</para>
258+
259+
<para>
260+
Previously roles with CREATEROLE privileges could change many aspects of any non-superuser role. Such changes, including adding members, now require the role requesting the change to have ADMIN OPTION
261+
permission. For example, they can now change the CREATEDB, REPLICATION, and BYPASSRLS properties only if they also have those permissions.
262+
</para>
263+
</listitem>
264+
247265
<!--
248266
Author: Nathan Bossart <nathan@postgresql.org>
249267
2023-05-21 [2dcd1578c] Rename some createuser options.
@@ -822,37 +840,6 @@ Previously CREATEROLE permission was required.
822840
</para>
823841
</listitem>
824842

825-
<!--
826-
Author: Robert Haas <rhaas@postgresql.org>
827-
2023-01-10 [cf5eb37c5] Restrict the privileges of CREATEROLE users.
828-
-->
829-
830-
<listitem>
831-
<para>
832-
Restrict the privileges of CREATEROLE roles (Robert Haas)
833-
</para>
834-
835-
<para>
836-
Previously roles with CREATEROLE privileges could change many aspects of any non-superuser role. Such changes, including adding members, now require the role requesting the change to have ADMIN OPTION
837-
permission.
838-
</para>
839-
</listitem>
840-
841-
<!--
842-
Author: Robert Haas <rhaas@postgresql.org>
843-
2023-01-24 [f1358ca52] Adjust interaction of CREATEROLE with role properties.
844-
-->
845-
846-
<listitem>
847-
<para>
848-
Improve logic of CREATEROLE roles ability to control other roles (Robert Haas)
849-
</para>
850-
851-
<para>
852-
For example, they can change the CREATEDB, REPLICATION, and BYPASSRLS properties only if they also have those permissions.
853-
</para>
854-
</listitem>
855-
856843
<!--
857844
Author: Robert Haas <rhaas@postgresql.org>
858845
2022-08-25 [e3ce2de09] Allow grant-level control of role inheritance behavior.

0 commit comments

Comments
 (0)