@@ -169,7 +169,8 @@ CREATE USER <replaceable>name</replaceable>;
169169 <term>superuser status<indexterm><primary>superuser</></></term>
170170 <listitem>
171171 <para>
172- A database superuser bypasses all permission checks. This is a
172+ A database superuser bypasses all permission checks, except the right
173+ to log in or the right to initiate replication. This is a
173174 dangerous privilege and should not be used carelessly; it is best
174175 to do most of your work as a role that is not a superuser.
175176 To create a new database superuser, use <literal>CREATE ROLE
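Review bot: the rewritten sentence in the superuser entry ("bypasses all permission checks, except the right to log in or the right to initiate replication") sets "checks" against "rights" and joins the two exceptions with "or", which can be read as only one of them applying. Suggest "bypasses all permission checks, except those for logging in and for initiating replication". Since the replication exception is defined in the "initiating replication" entry added further down, a cross-reference from this sentence would save the reader from having to find it.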
@@ -208,6 +209,20 @@ CREATE USER <replaceable>name</replaceable>;
208209 </listitem>
209210 </varlistentry>
210211
212+ <varlistentry>
213+ <term>initiating replication<indexterm><primary>role</><secondary>privilege to initiate replication</></></term>
214+ <listitem>
215+ <para>
216+ A role must explicitly be given permission to initiate streaming
217+ replication (superusers do not bypass this check). A role used
218+ for streaming replication must always have <literal>LOGIN</>
219+ permission as well. To create such a role, use
220+ <literal>CREATE ROLE <replaceable>name</replaceable> REPLICATION
221+ LOGIN</literal>.
222+ </para>
223+ </listitem>
224+ </varlistentry>
225+
211226 <varlistentry>
212227 <term>password<indexterm><primary>password</></></term>
213228 <listitem>
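Review bot: the new "initiating replication" paragraph only shows the creation form, "CREATE ROLE name REPLICATION LOGIN", so a reader with an existing role is not told how to give it this permission. That matters most for existing superusers, which the parenthetical says do not bypass the check. Suggest adding a sentence on setting the attribute on an existing role, and one on why the permission is kept separate from superuser status, so administrators can judge which roles should hold it. Minor: the indexterm here uses primary "role" with a secondary, while the neighbouring entries index directly on the attribute ("superuser", "password"); a matching primary would make the index consistent.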