Thread: some charts or graphs of possible permissions would be nice

The following documentation comment has been logged on the website:

Page: https://www.postgresql.org/docs/11/sql-grant.html
Description:

Having read through the documentation on roles/granting I think I more or
less understand how it works, but what isn't really clarified is what the
overall universe of permissions that can be granted looks like. For example
I still didn't realize that to create a schema, you need to "GRANT CREATE"
to the role on the database before the role is allowed to do that. It's hard
to make a mental map of everything that a new role might need when I am
creating it.

On Tue, 2020-06-09 at 21:34 +0000, PG Doc comments form wrote:
> Having read through the documentation on roles/granting I think I more or
> less understand how it works, but what isn't really clarified is what the
> overall universe of permissions that can be granted looks like. For example
> I still didn't realize that to create a schema, you need to "GRANT CREATE"
> to the role on the database before the role is allowed to do that. It's hard
> to make a mental map of everything that a new role might need when I am
> creating it.

That would be material for a tutorial rather than a documentation.

Yours,
Laurenz Albe

On 2020-Jun-10, Laurenz Albe wrote:

> On Tue, 2020-06-09 at 21:34 +0000, PG Doc comments form wrote:
> > Having read through the documentation on roles/granting I think I more or
> > less understand how it works, but what isn't really clarified is what the
> > overall universe of permissions that can be granted looks like. For example
> > I still didn't realize that to create a schema, you need to "GRANT CREATE"
> > to the role on the database before the role is allowed to do that. It's hard
> > to make a mental map of everything that a new role might need when I am
> > creating it.
> 
> That would be material for a tutorial rather than a documentation.

... but our documentation *does* have a tutorial, which could perhaps
gain a section about privileges.

-- 
Álvaro Herrera                https://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services

On 10.06.20 17:53, Alvaro Herrera wrote:
> On 2020-Jun-10, Laurenz Albe wrote:
>
>> On Tue, 2020-06-09 at 21:34 +0000, PG Doc comments form wrote:
>>> Having read through the documentation on roles/granting I think I more or
>>> less understand how it works, but what isn't really clarified is what the
>>> overall universe of permissions that can be granted looks like. For example
>>> I still didn't realize that to create a schema, you need to "GRANT CREATE"
>>> to the role on the database before the role is allowed to do that. It's hard
>>> to make a mental map of everything that a new role might need when I am
>>> creating it.
>> That would be material for a tutorial rather than a documentation.
> ... but our documentation *does* have a tutorial, which could perhaps
> gain a section about privileges.
>
What permissions issues do users typically struggle with? I personally 
have seen no problems in this area. Stephen sends one example; can you 
send more examples - or even a short text or a sketch of what you expect 
to be in the documentation?

More general: Is it a real problem? My experience is that in most cases 
permissions are handled at the application level, not at the database 
level. Is it worth to give more details? I don't think so. But it may be 
a good idea to follow Stephen's suggestion and put an introductory 
summary to the tutorial chapter.

--

Jürgen Purtz