Greetings, * Bruce Momjian (br...@momjian.us) wrote: > I have committed the first draft of the PG 14 release notes. You can > see the most current build of them here: > > https://momjian.us/pgsql_docs/release-14.html
It occurs to me that the wording around the new default roles could probably be better. Specifically: Add predefined roles pg_read_all_data and pg_write_all_data (Stephen Frost) These non-login roles give read-only/write-only access to all objects. Might be better as: These non-login roles give read, or write, access to all tables, views, and sequences. (These roles don't actually allow, for example, a function to be redefined, so saying 'all objects' isn't quite right either.) While these roles could be used to create a 'read only' or 'write only' role, they, themselves, do not explicitly convey that on to a role because they don't do anything to prevent someone from GRANT'ing other rights to some role which has been GRANT'd these predefined roles. I don't think anyone on this list thought differently from that, but the phrasing strikes me as potentially confusing. Maybe another way would be: These non-login roles give (only) read, or write, access to all tables, views, and sequences. but I don't think saying 'only' there really adds anything and instead invites confusion. Thanks! Stephen
signature.asc
Description: PGP signature
