On Fri, Mar 22, 2024 at 03:45:06PM -0500, Nathan Bossart wrote: > On Fri, Mar 22, 2024 at 03:58:59PM -0400, Robert Haas wrote: >> On Fri, Nov 10, 2023 at 12:41 PM Nathan Bossart >> <nathandboss...@gmail.com> wrote: >>> I still think we should update the existing note about privileges for >>> SET/RESET ROLE to something like the following: >>> >>> diff --git a/doc/src/sgml/ref/set_role.sgml b/doc/src/sgml/ref/set_role.sgml >>> index 13bad1bf66..c91a95f5af 100644 >>> --- a/doc/src/sgml/ref/set_role.sgml >>> +++ b/doc/src/sgml/ref/set_role.sgml >>> @@ -41,8 +41,10 @@ RESET ROLE >>> </para> >>> >>> <para> >>> - The specified <replaceable class="parameter">role_name</replaceable> >>> - must be a role that the current session user is a member of. >>> + The current session user must have the <literal>SET</option> for the >>> + specified <replaceable class="parameter">role_name</replaceable>, either >>> + directly or indirectly via a chain of memberships with the >>> + <literal>SET</literal> option. >>> (If the session user is a superuser, any role can be selected.) >>> </para> >> >> This is a good change; I should have done this when SET was added. > > Cool.
Actually, shouldn't this one be back-patched to v16? If so, I'd do that one separately from the other changes we are discussing. -- Nathan Bossart Amazon Web Services: https://aws.amazon.com
