diff options
| author | Bruce Momjian <bruce@momjian.us> | 2022-08-12 15:43:23 -0400 |
|---|---|---|
| committer | Bruce Momjian <bruce@momjian.us> | 2022-08-12 15:43:23 -0400 |
| commit | 560d052ebdb287965a5f34a8191e246d5aaf6cda (patch) | |
| tree | eaeef064538130c22eb34774512e7b60e8d830cc | |
| parent | 4445461cdff3580a2a698e89f66efd467f1bb5df (diff) | |
| download | postgresql-560d052ebdb287965a5f34a8191e246d5aaf6cda.tar.gz postgresql-560d052ebdb287965a5f34a8191e246d5aaf6cda.zip | |
doc: add missing role attributes to user management section
Reported-by: Shinya Kato
Discussion: https://postgr.es/m/1ecdb1ff78e9b03dfce37e85eaca725a@oss.nttdata.com
Author: Shinya Kato
Backpatch-through: 10
| -rw-r--r-- | doc/src/sgml/user-manag.sgml | 33 |
1 files changed, 33 insertions, 0 deletions
diff --git a/doc/src/sgml/user-manag.sgml b/doc/src/sgml/user-manag.sgml index 6eaaaa36b88..54cb253d95e 100644 --- a/doc/src/sgml/user-manag.sgml +++ b/doc/src/sgml/user-manag.sgml @@ -236,6 +236,39 @@ CREATE USER <replaceable>name</replaceable>; </para> </listitem> </varlistentry> + + <varlistentry> + <term>inheritance of privileges<indexterm><primary>role</primary><secondary>privilege to inherit</secondary></indexterm></term> + <listitem> + <para> + A role is given permission to inherit the privileges of roles it is a + member of, by default. However, to create a role without the permission, + use <literal>CREATE ROLE <replaceable>name</replaceable> NOINHERIT</literal>. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>bypassing row-level security<indexterm><primary>role</primary><secondary>privilege to bypass</secondary></indexterm></term> + <listitem> + <para> + A role must be explicitly given permission to bypass every row-level security (RLS) policy + (except for superusers, since those bypass all permission checks). + To create such a role, use <literal>CREATE ROLE <replaceable>name</replaceable> BYPASSRLS</literal> as a superuser. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>connection limit<indexterm><primary>role</primary><secondary>privilege to limit connection</secondary></indexterm></term> + <listitem> + <para> + Connection limit can specify how many concurrent connections a role can make. + -1 (the default) means no limit. Specify connection limit upon role creation with + <literal>CREATE ROLE <replaceable>name</replaceable> CONNECTION LIMIT '<replaceable>integer</replaceable>'</literal>. + </para> + </listitem> + </varlistentry> </variablelist> A role's attributes can be modified after creation with |