diff options
| author | Bruce Momjian <bruce@momjian.us> | 2022-08-12 15:43:23 -0400 |
|---|---|---|
| committer | Bruce Momjian <bruce@momjian.us> | 2022-08-12 15:43:23 -0400 |
| commit | 1a2ad6e3bd042cf64c2321de36abf7db2bb50578 (patch) | |
| tree | e00cabe437014bce88ba2017e105adac9aa4aeeb | |
| parent | a9885f2c77e0ecbc9487a1c729b39ebbf3d03d29 (diff) | |
| download | postgresql-1a2ad6e3bd042cf64c2321de36abf7db2bb50578.tar.gz postgresql-1a2ad6e3bd042cf64c2321de36abf7db2bb50578.zip | |
doc: add missing role attributes to user management section
Reported-by: Shinya Kato
Discussion: https://postgr.es/m/1ecdb1ff78e9b03dfce37e85eaca725a@oss.nttdata.com
Author: Shinya Kato
Backpatch-through: 10
| -rw-r--r-- | doc/src/sgml/user-manag.sgml | 33 |
1 files changed, 33 insertions, 0 deletions
diff --git a/doc/src/sgml/user-manag.sgml b/doc/src/sgml/user-manag.sgml index 829decd8839..c64c470f76e 100644 --- a/doc/src/sgml/user-manag.sgml +++ b/doc/src/sgml/user-manag.sgml @@ -236,6 +236,39 @@ CREATE USER <replaceable>name</replaceable>; </para> </listitem> </varlistentry> + + <varlistentry> + <term>inheritance of privileges<indexterm><primary>role</primary><secondary>privilege to inherit</secondary></indexterm></term> + <listitem> + <para> + A role is given permission to inherit the privileges of roles it is a + member of, by default. However, to create a role without the permission, + use <literal>CREATE ROLE <replaceable>name</replaceable> NOINHERIT</literal>. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>bypassing row-level security<indexterm><primary>role</primary><secondary>privilege to bypass</secondary></indexterm></term> + <listitem> + <para> + A role must be explicitly given permission to bypass every row-level security (RLS) policy + (except for superusers, since those bypass all permission checks). + To create such a role, use <literal>CREATE ROLE <replaceable>name</replaceable> BYPASSRLS</literal> as a superuser. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>connection limit<indexterm><primary>role</primary><secondary>privilege to limit connection</secondary></indexterm></term> + <listitem> + <para> + Connection limit can specify how many concurrent connections a role can make. + -1 (the default) means no limit. Specify connection limit upon role creation with + <literal>CREATE ROLE <replaceable>name</replaceable> CONNECTION LIMIT '<replaceable>integer</replaceable>'</literal>. + </para> + </listitem> + </varlistentry> </variablelist> A role's attributes can be modified after creation with |