Skip to content

Commit fab54e6

Browse files
committed
doc: add missing role attributes to user management section
Reported-by: Shinya Kato Discussion: https://postgr.es/m/[email protected] Author: Shinya Kato Backpatch-through: 10
1 parent 115464b commit fab54e6

File tree

1 file changed

+33
-0
lines changed

1 file changed

+33
-0
lines changed

doc/src/sgml/user-manag.sgml

+33
Original file line numberDiff line numberDiff line change
@@ -236,6 +236,39 @@ CREATE USER <replaceable>name</replaceable>;
236236
</para>
237237
</listitem>
238238
</varlistentry>
239+
240+
<varlistentry>
241+
<term>inheritance of privileges<indexterm><primary>role</primary><secondary>privilege to inherit</secondary></indexterm></term>
242+
<listitem>
243+
<para>
244+
A role is given permission to inherit the privileges of roles it is a
245+
member of, by default. However, to create a role without the permission,
246+
use <literal>CREATE ROLE <replaceable>name</replaceable> NOINHERIT</literal>.
247+
</para>
248+
</listitem>
249+
</varlistentry>
250+
251+
<varlistentry>
252+
<term>bypassing row-level security<indexterm><primary>role</primary><secondary>privilege to bypass</secondary></indexterm></term>
253+
<listitem>
254+
<para>
255+
A role must be explicitly given permission to bypass every row-level security (RLS) policy
256+
(except for superusers, since those bypass all permission checks).
257+
To create such a role, use <literal>CREATE ROLE <replaceable>name</replaceable> BYPASSRLS</literal> as a superuser.
258+
</para>
259+
</listitem>
260+
</varlistentry>
261+
262+
<varlistentry>
263+
<term>connection limit<indexterm><primary>role</primary><secondary>privilege to limit connection</secondary></indexterm></term>
264+
<listitem>
265+
<para>
266+
Connection limit can specify how many concurrent connections a role can make.
267+
-1 (the default) means no limit. Specify connection limit upon role creation with
268+
<literal>CREATE ROLE <replaceable>name</replaceable> CONNECTION LIMIT '<replaceable>integer</replaceable>'</literal>.
269+
</para>
270+
</listitem>
271+
</varlistentry>
239272
</variablelist>
240273

241274
A role's attributes can be modified after creation with

0 commit comments

Comments
 (0)