@@ -236,6 +236,39 @@ CREATE USER <replaceable>name</replaceable>;
236236 </para>
237237 </listitem>
238238 </varlistentry>
239+
240+ <varlistentry>
241+ <term>inheritance of privileges<indexterm><primary>role</primary><secondary>privilege to inherit</secondary></indexterm></term>
242+ <listitem>
243+ <para>
244+ A role is given permission to inherit the privileges of roles it is a
245+ member of, by default. However, to create a role without the permission,
246+ use <literal>CREATE ROLE <replaceable>name</replaceable> NOINHERIT</literal>.
247+ </para>
248+ </listitem>
249+ </varlistentry>
250+
251+ <varlistentry>
252+ <term>bypassing row-level security<indexterm><primary>role</primary><secondary>privilege to bypass</secondary></indexterm></term>
253+ <listitem>
254+ <para>
255+ A role must be explicitly given permission to bypass every row-level security (RLS) policy
256+ (except for superusers, since those bypass all permission checks).
257+ To create such a role, use <literal>CREATE ROLE <replaceable>name</replaceable> BYPASSRLS</literal> as a superuser.
258+ </para>
259+ </listitem>
260+ </varlistentry>
261+
262+ <varlistentry>
263+ <term>connection limit<indexterm><primary>role</primary><secondary>privilege to limit connection</secondary></indexterm></term>
264+ <listitem>
265+ <para>
266+ Connection limit can specify how many concurrent connections a role can make.
267+ -1 (the default) means no limit. Specify connection limit upon role creation with
268+ <literal>CREATE ROLE <replaceable>name</replaceable> CONNECTION LIMIT '<replaceable>integer</replaceable>'</literal>.
269+ </para>
270+ </listitem>
271+ </varlistentry>
239272 </variablelist>
240273
241274 A role's attributes can be modified after creation with