Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Commitd891dcc

Browse files
Improve some documentation about the bootstrap superuser.
This commit adds some notes about the inability to remove superuserprivileges from the bootstrap superuser. This has been blockedsince commite530be2, but it wasn't intended be a supportedfeature before that, either.In passing, change "bootstrap user" to "bootstrap superuser" in acouple places.Author: Yurii RashkovskiiReviewed-by: Vignesh C, David G. JohnstonDiscussion:https://postgr.es/m/CA%2BRLCQzSx_eTC2Fch0EzeNHD3zFUcPvBYOoB%2BpPScFLch1DEQw%40mail.gmail.com
1 parentdd3ca8c commitd891dcc

File tree

4 files changed

+7
-4
lines changed

4 files changed

+7
-4
lines changed

‎doc/src/sgml/glossary.sgml

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -247,7 +247,8 @@
247247
</para>
248248
<para>
249249
This role also behaves as a normal
250-
<glossterm linkend="glossary-database-superuser">database superuser</glossterm>.
250+
<glossterm linkend="glossary-database-superuser">database superuser</glossterm>,
251+
and its superuser status cannot be removed.
251252
</para>
252253
</glossdef>
253254
</glossentry>

‎doc/src/sgml/ref/alter_role.sgml

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -69,7 +69,9 @@ ALTER ROLE { <replaceable class="parameter">role_specification</replaceable> | A
6969
<link linkend="sql-grant"><command>GRANT</command></link> and
7070
<link linkend="sql-revoke"><command>REVOKE</command></link> for that.)
7171
Attributes not mentioned in the command retain their previous settings.
72-
Database superusers can change any of these settings for any role.
72+
Database superusers can change any of these settings for any role, except
73+
for changing the <literal>SUPERUSER</literal> property for the
74+
<glossterm linkend="glossary-bootstrap-superuser">bootstrap superuser</glossterm>.
7375
Non-superuser roles having <literal>CREATEROLE</literal> privilege can
7476
change most of these properties, but only for non-superuser and
7577
non-replication roles for which they have been granted

‎doc/src/sgml/user-manag.sgml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -350,7 +350,7 @@ ALTER ROLE myname SET enable_indexscan TO off;
350350
options. Thus, the fact that privileges are not inherited by default nor
351351
is <literal>SET ROLE</literal> granted by default is a safeguard against
352352
accidents, not a security feature. Also note that, because this automatic
353-
grant is granted by the bootstrapuser, it cannot be removed or changed by
353+
grant is granted by the bootstrapsuperuser, it cannot be removed or changed by
354354
the <literal>CREATEROLE</literal> user; however, any superuser could
355355
revoke it, modify it, and/or issue additional such grants to other
356356
<literal>CREATEROLE</literal> users. Whichever <literal>CREATEROLE</literal>

‎src/backend/commands/user.c

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -868,7 +868,7 @@ AlterRole(ParseState *pstate, AlterRoleStmt *stmt)
868868
ereport(ERROR,
869869
(errcode(ERRCODE_FEATURE_NOT_SUPPORTED),
870870
errmsg("permission denied to alter role"),
871-
errdetail("The bootstrapuser must have the %s attribute.",
871+
errdetail("The bootstrapsuperuser must have the %s attribute.",
872872
"SUPERUSER")));
873873

874874
new_record[Anum_pg_authid_rolsuper-1]=BoolGetDatum(should_be_super);

0 commit comments

Comments
 (0)
[8]ページ先頭
©2009-2025 Movatter.jp