diff options
| -rw-r--r-- | doc/src/sgml/user-manag.sgml | 33 |
1 files changed, 33 insertions, 0 deletions
diff --git a/doc/src/sgml/user-manag.sgml b/doc/src/sgml/user-manag.sgml index 829decd8839..c64c470f76e 100644 --- a/doc/src/sgml/user-manag.sgml +++ b/doc/src/sgml/user-manag.sgml @@ -236,6 +236,39 @@ CREATE USER <replaceable>name</replaceable>; </para> </listitem> </varlistentry> + + <varlistentry> + <term>inheritance of privileges<indexterm><primary>role</primary><secondary>privilege to inherit</secondary></indexterm></term> + <listitem> + <para> + A role is given permission to inherit the privileges of roles it is a + member of, by default. However, to create a role without the permission, + use <literal>CREATE ROLE <replaceable>name</replaceable> NOINHERIT</literal>. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>bypassing row-level security<indexterm><primary>role</primary><secondary>privilege to bypass</secondary></indexterm></term> + <listitem> + <para> + A role must be explicitly given permission to bypass every row-level security (RLS) policy + (except for superusers, since those bypass all permission checks). + To create such a role, use <literal>CREATE ROLE <replaceable>name</replaceable> BYPASSRLS</literal> as a superuser. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>connection limit<indexterm><primary>role</primary><secondary>privilege to limit connection</secondary></indexterm></term> + <listitem> + <para> + Connection limit can specify how many concurrent connections a role can make. + -1 (the default) means no limit. Specify connection limit upon role creation with + <literal>CREATE ROLE <replaceable>name</replaceable> CONNECTION LIMIT '<replaceable>integer</replaceable>'</literal>. + </para> + </listitem> + </varlistentry> </variablelist> A role's attributes can be modified after creation with |