AWS AmazonRDS documentation change
Summary
Removed detailed example of using psql \du to list roles and their permissions, and changed section title from 'Controlling user access' to 'Viewing roles and privileges'.
Security assessment
Mirrors the AuroraUserGuide change - removes an example of role inspection without addressing security vulnerabilities or adding security content.
Diff
diff --git a/AmazonRDS/latest/UserGuide/Appendix.PostgreSQL.CommonDBATasks.Roles.rds_superuser.md b/AmazonRDS/latest/UserGuide/Appendix.PostgreSQL.CommonDBATasks.Roles.rds_superuser.md index e3a15b7dd..8bb019b8a 100644 --- a//AmazonRDS/latest/UserGuide/Appendix.PostgreSQL.CommonDBATasks.Roles.rds_superuser.md +++ b//AmazonRDS/latest/UserGuide/Appendix.PostgreSQL.CommonDBATasks.Roles.rds_superuser.md @@ -64,14 +63,0 @@ In the following list, you find some of the other predefined roles that are crea -To see all predefined roles, you can connect to your RDS for PostgreSQL DB instance and use the `psql \du` metacommand. The output looks as follows: - - - List of roles - Role name | Attributes | Member of - --------------+-----------------------------------+------------------------------------ - postgres | Create role, Create DB +| {rds_superuser} - | Password valid until infinity | - rds_superuser | Cannot login | {pg_monitor,pg_signal_backend, - | +| rds_replication,rds_password} - ... - -In the output, you can see that `rds_superuser` isn't a database user role (it can't login), but it has the privileges of many other roles. You can also see that database user `postgres` is a member of the `rds_superuser` role. As mentioned previously, `postgres` is the default value in the Amazon RDS console's **Create database** page. If you chose another name, that name is shown in the list of roles instead. - @@ -86 +72 @@ Understanding PostgreSQL roles and permissions -Controlling user access to PostgreSQL +Viewing roles and privileges