File tree Expand file tree Collapse file tree 26 files changed +96
-67
lines changed
Filter options
Expand file tree Collapse file tree 26 files changed +96
-67
lines changed
Original file line number Diff line number Diff line change @@ -1741,8 +1741,8 @@ ALTER TABLE products RENAME TO items;
17411741ALTER TABLE <replaceable>table_name</replaceable> OWNER TO <replaceable>new_owner</replaceable>;
17421742</programlisting>
17431743 Superusers can always do this; ordinary roles can only do it if they are
1744- both the current owner of the object (or a member of the owning role) and
1745- a member of the new owning role.
1744+ both the current owner of the object (or inherit the privileges of the
1745+ owning role) and able to <literal>SET ROLE</literal> to the new owning role.
17461746 </para>
17471747
17481748 <para>
Original file line number Diff line number Diff line change @@ -46,9 +46,10 @@ ALTER AGGREGATE <replaceable>name</replaceable> ( <replaceable>aggregate_signatu
4646 You must own the aggregate function to use <command>ALTER AGGREGATE</command>.
4747 To change the schema of an aggregate function, you must also have
4848 <literal>CREATE</literal> privilege on the new schema.
49- To alter the owner, you must also be a direct or indirect member of the new
50- owning role, and that role must have <literal>CREATE</literal> privilege on
51- the aggregate function's schema. (These restrictions enforce that altering
49+ To alter the owner, you must be able to <literal>SET ROLE</literal> to the
50+ new owning role, and that role must have <literal>CREATE</literal>
51+ privilege on the aggregate function's schema.
52+ (These restrictions enforce that altering
5253 the owner doesn't do anything you couldn't do by dropping and recreating
5354 the aggregate function. However, a superuser can alter ownership of any
5455 aggregate function anyway.)
Original file line number Diff line number Diff line change @@ -39,9 +39,10 @@ ALTER COLLATION <replaceable>name</replaceable> SET SCHEMA <replaceable>new_sche
3939
4040 <para>
4141 You must own the collation to use <command>ALTER COLLATION</command>.
42- To alter the owner, you must also be a direct or indirect member of the new
43- owning role, and that role must have <literal>CREATE</literal> privilege on
44- the collation's schema. (These restrictions enforce that altering the
42+ To alter the owner, you must be able to <literal>SET ROLE</literal> to the
43+ new owning role, and that role must have <literal>CREATE</literal>
44+ privilege on the collation's schema.
45+ (These restrictions enforce that altering the
4546 owner doesn't do anything you couldn't do by dropping and recreating the
4647 collation. However, a superuser can alter ownership of any collation
4748 anyway.)
Original file line number Diff line number Diff line change @@ -37,9 +37,10 @@ ALTER CONVERSION <replaceable>name</replaceable> SET SCHEMA <replaceable>new_sch
3737
3838 <para>
3939 You must own the conversion to use <command>ALTER CONVERSION</command>.
40- To alter the owner, you must also be a direct or indirect member of the new
41- owning role, and that role must have <literal>CREATE</literal> privilege on
42- the conversion's schema. (These restrictions enforce that altering the
40+ To alter the owner, you must be able to <literal>SET ROLE</literal> to the
41+ new owning role, and that role must have <literal>CREATE</literal>
42+ privilege on the conversion's schema.
43+ (These restrictions enforce that altering the
4344 owner doesn't do anything you couldn't do by dropping and recreating the
4445 conversion. However, a superuser can alter ownership of any conversion
4546 anyway.)
Original file line number Diff line number Diff line change @@ -68,8 +68,8 @@ ALTER DATABASE <replaceable class="parameter">name</replaceable> RESET ALL
6868
6969 <para>
7070 The third form changes the owner of the database.
71- To alter the owner, you must own the database and also be a direct or
72- indirect member of the new owning role, and you must have the
71+ To alter the owner, you must be able to <literal>SET ROLE</literal> to the
72+ new owning role, and you must have the
7373 <literal>CREATEDB</literal> privilege.
7474 (Note that superusers have all these privileges automatically.)
7575 </para>
Original file line number Diff line number Diff line change @@ -157,9 +157,9 @@ ALTER DOMAIN <replaceable class="parameter">name</replaceable>
157157 You must own the domain to use <command>ALTER DOMAIN</command>.
158158 To change the schema of a domain, you must also have
159159 <literal>CREATE</literal> privilege on the new schema.
160- To alter the owner, you must also be a direct or indirect member of the new
161- owning role, and that role must have <literal>CREATE</literal> privilege on
162- the domain's schema. (These restrictions enforce that altering the owner
160+ To alter the owner, you must be able to <literal>SET ROLE</literal> to the
161+ new owning role, and that role must have <literal>CREATE</literal> privilege
162+ on the domain's schema. (These restrictions enforce that altering the owner
163163 doesn't do anything you couldn't do by dropping and recreating the domain.
164164 However, a superuser can alter ownership of any domain anyway.)
165165 </para>
Original file line number Diff line number Diff line change @@ -320,9 +320,9 @@ ALTER FOREIGN TABLE [ IF EXISTS ] <replaceable class="parameter">name</replaceab
320320 You must own the table to use <command>ALTER FOREIGN TABLE</command>.
321321 To change the schema of a foreign table, you must also have
322322 <literal>CREATE</literal> privilege on the new schema.
323- To alter the owner, you must also be a direct or indirect member of the new
324- owning role, and that role must have <literal>CREATE</literal> privilege on
325- the table's schema. (These restrictions enforce that altering the owner
323+ To alter the owner, you must be able to <literal>SET ROLE</literal> to the
324+ new owning role, and that role must have <literal>CREATE</literal> privilege
325+ on the table's schema. (These restrictions enforce that altering the owner
326326 doesn't do anything you couldn't do by dropping and recreating the table.
327327 However, a superuser can alter ownership of any table anyway.)
328328 To add a column or alter a column type, you must also
Original file line number Diff line number Diff line change @@ -60,9 +60,9 @@ ALTER FUNCTION <replaceable>name</replaceable> [ ( [ [ <replaceable class="param
6060 <para>
6161 You must own the function to use <command>ALTER FUNCTION</command>.
6262 To change a function's schema, you must also have <literal>CREATE</literal>
63- privilege on the new schema.
64- To alter the owner, you must also be a direct or indirect member of the new
65- owning role, and that role must have <literal>CREATE</literal> privilege on
63+ privilege on the new schema. To alter the owner, you must be able to
64+ <literal>SET ROLE</literal> to the new owning role, and that role must
65+ have <literal>CREATE</literal> privilege on
6666 the function's schema. (These restrictions enforce that altering the owner
6767 doesn't do anything you couldn't do by dropping and recreating the function.
6868 However, a superuser can alter ownership of any function anyway.)
Original file line number Diff line number Diff line change @@ -35,8 +35,9 @@ ALTER LARGE OBJECT <replaceable class="parameter">large_object_oid</replaceable>
3535
3636 <para>
3737 You must own the large object to use <command>ALTER LARGE OBJECT</command>.
38- To alter the owner, you must also be a direct or indirect member of the new
39- owning role. (However, a superuser can alter any large object anyway.)
38+ To alter the owner, you must also be able to <literal>SET ROLE</literal> to
39+ the new owning role.
40+ (However, a superuser can alter any large object anyway.)
4041 Currently, the only functionality is to assign a new owner, so both
4142 restrictions always apply.
4243 </para>
Original file line number Diff line number Diff line change @@ -63,9 +63,10 @@ ALTER MATERIALIZED VIEW ALL IN TABLESPACE <replaceable class="parameter">name</r
6363 You must own the materialized view to use <command>ALTER MATERIALIZED
6464 VIEW</command>. To change a materialized view's schema, you must also have
6565 <literal>CREATE</literal> privilege on the new schema.
66- To alter the owner, you must also be a direct or indirect member of the new
67- owning role, and that role must have <literal>CREATE</literal> privilege on
68- the materialized view's schema. (These restrictions enforce that altering
66+ To alter the owner, you must be able to <literal>SET ROLE</literal> to the
67+ new owning role, and that role must have <literal>CREATE</literal>
68+ privilege on the materialized view's schema.
69+ (These restrictions enforce that altering
6970 the owner doesn't do anything you couldn't do by dropping and recreating the
7071 materialized view. However, a superuser can alter ownership of any view
7172 anyway.)
Original file line number Diff line number Diff line change @@ -42,9 +42,10 @@ ALTER OPERATOR CLASS <replaceable>name</replaceable> USING <replaceable class="p
4242
4343 <para>
4444 You must own the operator class to use <command>ALTER OPERATOR CLASS</command>.
45- To alter the owner, you must also be a direct or indirect member of the new
46- owning role, and that role must have <literal>CREATE</literal> privilege on
47- the operator class's schema. (These restrictions enforce that altering the
45+ To alter the owner, you must be able to <literal>SET ROLE</literal> to the
46+ new owning role, and that role must have <literal>CREATE</literal>
47+ privilege on the operator class's schema.
48+ (These restrictions enforce that altering the
4849 owner doesn't do anything you couldn't do by dropping and recreating the
4950 operator class. However, a superuser can alter ownership of any operator
5051 class anyway.)
Original file line number Diff line number Diff line change @@ -44,9 +44,10 @@ ALTER OPERATOR <replaceable>name</replaceable> ( { <replaceable>left_type</repla
4444
4545 <para>
4646 You must own the operator to use <command>ALTER OPERATOR</command>.
47- To alter the owner, you must also be a direct or indirect member of the new
48- owning role, and that role must have <literal>CREATE</literal> privilege on
49- the operator's schema. (These restrictions enforce that altering the owner
47+ To alter the owner, you must be able to <literal>SET ROLE</literal> to the
48+ new owning role, and that role must have <literal>CREATE</literal>
49+ privilege on the operator's schema.
50+ (These restrictions enforce that altering the owner
5051 doesn't do anything you couldn't do by dropping and recreating the operator.
5152 However, a superuser can alter ownership of any operator anyway.)
5253 </para>
Original file line number Diff line number Diff line change @@ -54,9 +54,10 @@ ALTER PROCEDURE <replaceable>name</replaceable> [ ( [ [ <replaceable class="para
5454 You must own the procedure to use <command>ALTER PROCEDURE</command>.
5555 To change a procedure's schema, you must also have <literal>CREATE</literal>
5656 privilege on the new schema.
57- To alter the owner, you must also be a direct or indirect member of the new
58- owning role, and that role must have <literal>CREATE</literal> privilege on
59- the procedure's schema. (These restrictions enforce that altering the owner
57+ To alter the owner, you must be able to <literal>SET ROLE</literal> to the
58+ new owning role, and that role must have <literal>CREATE</literal>
59+ privilege on the procedure's schema.
60+ (These restrictions enforce that altering the owner
6061 doesn't do anything you couldn't do by dropping and recreating the procedure.
6162 However, a superuser can alter ownership of any procedure anyway.)
6263 </para>
Original file line number Diff line number Diff line change @@ -75,10 +75,12 @@ ALTER PUBLICATION <replaceable class="parameter">name</replaceable> RENAME TO <r
7575 Adding a table to a publication additionally requires owning that table.
7676 The <literal>ADD TABLES IN SCHEMA</literal> and
7777 <literal>SET TABLES IN SCHEMA</literal> to a publication requires the
78- invoking user to be a superuser. To alter the owner, you must also be a
79- direct or indirect member of the new owning role. The new owner must have
80- <literal>CREATE</literal> privilege on the database. Also, the new owner
81- of a <literal>FOR ALL TABLES</literal> or <literal>FOR TABLES IN SCHEMA</literal>
78+ invoking user to be a superuser.
79+ To alter the owner, you must be able to <literal>SET ROLE</literal> to the
80+ new owning role, and that role must have <literal>CREATE</literal>
81+ privilege on the database.
82+ Also, the new owner of a <literal>FOR ALL TABLES</literal> or
83+ <literal>FOR TABLES IN SCHEMA</literal>
8284 publication must be a superuser. However, a superuser can
8385 change the ownership of a publication regardless of these restrictions.
8486 </para>
Original file line number Diff line number Diff line change @@ -37,8 +37,8 @@ ALTER SCHEMA <replaceable>name</replaceable> OWNER TO { <replaceable>new_owner</
3737 You must own the schema to use <command>ALTER SCHEMA</command>.
3838 To rename a schema you must also have the
3939 <literal>CREATE</literal> privilege for the database.
40- To alter the owner, you must also be a direct or
41- indirect member of the new owning role, and you must have the
40+ To alter the owner, you must be able to <literal>SET ROLE</literal> to the
41+ new owning role, and that role must have the
4242 <literal>CREATE</literal> privilege for the database.
4343 (Note that superusers have all these privileges automatically.)
4444 </para>
Original file line number Diff line number Diff line change @@ -51,9 +51,10 @@ ALTER SEQUENCE [ IF EXISTS ] <replaceable class="parameter">name</replaceable> S
5151 You must own the sequence to use <command>ALTER SEQUENCE</command>.
5252 To change a sequence's schema, you must also have <literal>CREATE</literal>
5353 privilege on the new schema.
54- To alter the owner, you must also be a direct or indirect member of the new
55- owning role, and that role must have <literal>CREATE</literal> privilege on
56- the sequence's schema. (These restrictions enforce that altering the owner
54+ To alter the owner, you must be able to <literal>SET ROLE</literal> to the
55+ new owning role, and that role must have <literal>CREATE</literal>
56+ privilege on the sequence's schema.
57+ (These restrictions enforce that altering the owner
5758 doesn't do anything you couldn't do by dropping and recreating the sequence.
5859 However, a superuser can alter ownership of any sequence anyway.)
5960 </para>
Original file line number Diff line number Diff line change @@ -40,8 +40,8 @@ ALTER SERVER <replaceable class="parameter">name</replaceable> RENAME TO <replac
4040
4141 <para>
4242 To alter the server you must be the owner of the server.
43- Additionally to alter the owner, you must own the server and also
44- be a direct or indirect member of the new owning role, and you must
43+ Additionally to alter the owner, you must be able to
44+ <literal>SET ROLE</literal> to the new owning role, and you must
4545 have <literal>USAGE</literal> privilege on the server's foreign-data
4646 wrapper. (Note that superusers satisfy all these criteria
4747 automatically.)
Original file line number Diff line number Diff line change @@ -43,9 +43,10 @@ ALTER STATISTICS <replaceable class="parameter">name</replaceable> SET STATISTIC
4343 You must own the statistics object to use <command>ALTER STATISTICS</command>.
4444 To change a statistics object's schema, you must also
4545 have <literal>CREATE</literal> privilege on the new schema.
46- To alter the owner, you must also be a direct or indirect member of the new
47- owning role, and that role must have <literal>CREATE</literal> privilege on
48- the statistics object's schema. (These restrictions enforce that altering
46+ To alter the owner, you must be able to <literal>SET ROLE</literal> to the
47+ new owning role, and that role must have <literal>CREATE</literal>
48+ privilege on the statistics object's schema.
49+ (These restrictions enforce that altering
4950 the owner doesn't do anything you couldn't do by dropping and recreating
5051 the statistics object. However, a superuser can alter ownership of any
5152 statistics object anyway.)
Original file line number Diff line number Diff line change @@ -46,8 +46,8 @@ ALTER SUBSCRIPTION <replaceable class="parameter">name</replaceable> RENAME TO <
4646
4747 <para>
4848 You must own the subscription to use <command>ALTER SUBSCRIPTION</command>.
49- To alter the owner, you must also be a direct or indirect member of the
50- new owning role. The new owner has to be a superuser.
49+ To alter the owner, you must be able to <literal>SET ROLE</literal> to the
50+ new owning role. The new owner has to be a superuser.
5151 (Currently, all subscription owners must be superusers, so the owner checks
5252 will be bypassed in practice. But this might change in the future.)
5353 </para>
Original file line number Diff line number Diff line change @@ -1106,9 +1106,10 @@ WITH ( MODULUS <replaceable class="parameter">numeric_literal</replaceable>, REM
11061106 To add the table as a new child of a parent table, you must own the parent
11071107 table as well. Also, to attach a table as a new partition of the table,
11081108 you must own the table being attached.
1109- To alter the owner, you must also be a direct or indirect member of the new
1110- owning role, and that role must have <literal>CREATE</literal> privilege on
1111- the table's schema. (These restrictions enforce that altering the owner
1109+ To alter the owner, you must be able to <literal>SET ROLE</literal> to the
1110+ new owning role, and that role must have <literal>CREATE</literal>
1111+ privilege on the table's schema.
1112+ (These restrictions enforce that altering the owner
11121113 doesn't do anything you couldn't do by dropping and recreating the table.
11131114 However, a superuser can alter ownership of any table anyway.)
11141115 To add a column or alter a column type or use the <literal>OF</literal>
Original file line number Diff line number Diff line change @@ -38,8 +38,8 @@ ALTER TABLESPACE <replaceable>name</replaceable> RESET ( <replaceable class="par
3838
3939 <para>
4040 You must own the tablespace to change the definition of a tablespace.
41- To alter the owner, you must also be a direct or indirect member of the new
42- owning role.
41+ To alter the owner, you must also be able to <literal>SET ROLE</literal>
42+ to the new owning role.
4343 (Note that superusers have these privileges automatically.)
4444 </para>
4545
Original file line number Diff line number Diff line change @@ -246,9 +246,10 @@ ALTER TYPE <replaceable class="parameter">name</replaceable> SET ( <replaceable
246246 You must own the type to use <command>ALTER TYPE</command>.
247247 To change the schema of a type, you must also have
248248 <literal>CREATE</literal> privilege on the new schema.
249- To alter the owner, you must also be a direct or indirect member of the new
250- owning role, and that role must have <literal>CREATE</literal> privilege on
251- the type's schema. (These restrictions enforce that altering the owner
249+ To alter the owner, you must be able to <literal>SET ROLE</literal> to the
250+ new owning role, and that role must have <literal>CREATE</literal>
251+ privilege on the type's schema.
252+ (These restrictions enforce that altering the owner
252253 doesn't do anything you couldn't do by dropping and recreating the type.
253254 However, a superuser can alter ownership of any type anyway.)
254255 To add an attribute or alter an attribute type, you must also
Original file line number Diff line number Diff line change @@ -45,9 +45,10 @@ ALTER VIEW [ IF EXISTS ] <replaceable class="parameter">name</replaceable> RESET
4545 You must own the view to use <command>ALTER VIEW</command>.
4646 To change a view's schema, you must also have <literal>CREATE</literal>
4747 privilege on the new schema.
48- To alter the owner, you must also be a direct or indirect member of the new
49- owning role, and that role must have <literal>CREATE</literal> privilege on
50- the view's schema. (These restrictions enforce that altering the owner
48+ To alter the owner, you must be able to <literal>SET ROLE</literal> to the
49+ new owning role, and that role must have <literal>CREATE</literal>
50+ privilege on the view's schema.
51+ (These restrictions enforce that altering the owner
5152 doesn't do anything you couldn't do by dropping and recreating the view.
5253 However, a superuser can alter ownership of any view anyway.)
5354 </para>
Original file line number Diff line number Diff line change @@ -89,8 +89,8 @@ CREATE DATABASE <replaceable class="parameter">name</replaceable>
8989 The role name of the user who will own the new database,
9090 or <literal>DEFAULT</literal> to use the default (namely, the
9191 user executing the command). To create a database owned by another
92- role, you must be a direct or indirect member of that role,
93- or be a superuser .
92+ role, you must must be able to <literal>SET ROLE</literal> to that
93+ role .
9494 </para>
9595 </listitem>
9696 </varlistentry>
Original file line number Diff line number Diff line change @@ -89,8 +89,8 @@ CREATE SCHEMA IF NOT EXISTS AUTHORIZATION <replaceable class="parameter">role_sp
8989 <para>
9090 The role name of the user who will own the new schema. If omitted,
9191 defaults to the user executing the command. To create a schema
92- owned by another role, you must be a direct or indirect member of
93- that role, or be a superuser .
92+ owned by another role, you must must be able to
93+ <literal>SET ROLE</literal> to that role .
9494 </para>
9595 </listitem>
9696 </varlistentry>
You can’t perform that action at this time.
0 commit comments