diff options
| author | Bruce Momjian <bruce@momjian.us> | 2022-08-12 15:43:23 -0400 |
|---|---|---|
| committer | Bruce Momjian <bruce@momjian.us> | 2022-08-12 15:43:23 -0400 |
| commit | fab54e6c1a3efd12bde22a24ebc2b08f6affcd04 (patch) | |
| tree | 9c691121fe1f481843e7d50a2e4784e455ef993b /doc/src | |
| parent | 115464bb5b4904e7536124eef168b7c17a56d4b4 (diff) | |
| download | postgresql-fab54e6c1a3efd12bde22a24ebc2b08f6affcd04.tar.gz | |
doc: add missing role attributes to user management section
Reported-by: Shinya Kato
Discussion: https://postgr.es/m/1ecdb1ff78e9b03dfce37e85eaca725a@oss.nttdata.com
Author: Shinya Kato
Backpatch-through: 10
Diffstat (limited to 'doc/src')
| -rw-r--r-- | doc/src/sgml/user-manag.sgml | 33 |
1 files changed, 33 insertions, 0 deletions
diff --git a/doc/src/sgml/user-manag.sgml b/doc/src/sgml/user-manag.sgml index 6eaaaa36b8..54cb253d95 100644 --- a/doc/src/sgml/user-manag.sgml +++ b/doc/src/sgml/user-manag.sgml @@ -236,6 +236,39 @@ CREATE USER <replaceable>name</replaceable>; </para> </listitem> </varlistentry> + + <varlistentry> + <term>inheritance of privileges<indexterm><primary>role</primary><secondary>privilege to inherit</secondary></indexterm></term> + <listitem> + <para> + A role is given permission to inherit the privileges of roles it is a + member of, by default. However, to create a role without the permission, + use <literal>CREATE ROLE <replaceable>name</replaceable> NOINHERIT</literal>. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>bypassing row-level security<indexterm><primary>role</primary><secondary>privilege to bypass</secondary></indexterm></term> + <listitem> + <para> + A role must be explicitly given permission to bypass every row-level security (RLS) policy + (except for superusers, since those bypass all permission checks). + To create such a role, use <literal>CREATE ROLE <replaceable>name</replaceable> BYPASSRLS</literal> as a superuser. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>connection limit<indexterm><primary>role</primary><secondary>privilege to limit connection</secondary></indexterm></term> + <listitem> + <para> + Connection limit can specify how many concurrent connections a role can make. + -1 (the default) means no limit. Specify connection limit upon role creation with + <literal>CREATE ROLE <replaceable>name</replaceable> CONNECTION LIMIT '<replaceable>integer</replaceable>'</literal>. + </para> + </listitem> + </varlistentry> </variablelist> A role's attributes can be modified after creation with |