From a609d96778c1714b9af916477b2c30891fbe578a Mon Sep 17 00:00:00 2001
From: Alvaro Herrera <alvherre@alvh.no-ip.org>
Date: Tue, 23 Dec 2014 15:35:49 -0300
Subject: Revert "Use a bitmask to represent role attributes"

This reverts commit 1826987a46d079458007b7b6bbcbbd852353adbb.

The overall design was deemed unacceptable, in discussion following the
previous commit message; we might find some parts of it still
salvageable, but I don't want to be on the hook for fixing it, so let's
wait until we have a new patch.
---
 doc/src/sgml/catalogs.sgml | 127 +++++++++++++++------------------------------
 doc/src/sgml/func.sgml     | 127 ---------------------------------------------
 2 files changed, 41 insertions(+), 213 deletions(-)

(limited to 'doc/src')

diff --git a/doc/src/sgml/catalogs.sgml b/doc/src/sgml/catalogs.sgml
index 947091627fd..9ceb96b54c7 100644
--- a/doc/src/sgml/catalogs.sgml
+++ b/doc/src/sgml/catalogs.sgml
@@ -1391,134 +1391,89 @@
      </row>
 
      <row>
-      <entry><structfield>rolattr</structfield></entry>
-      <entry><type>bigint</type></entry>
-      <entry>
-       Role attributes; see <xref linkend="catalog-rolattr-bitmap-table"> and
-       <xref linkend="sql-createrole"> for details
-      </entry>
-     </row>
-
-     <row>
-      <entry><structfield>rolconnlimit</structfield></entry>
-      <entry><type>int4</type></entry>
-      <entry>
-       For roles that can log in, this sets maximum number of concurrent
-       connections this role can make.  -1 means no limit.
-      </entry>
-     </row>
-
-     <row>
-      <entry><structfield>rolpassword</structfield></entry>
-      <entry><type>text</type></entry>
-      <entry>
-       Password (possibly encrypted); null if none.  If the password
-       is encrypted, this column will begin with the string <literal>md5</>
-       followed by a 32-character hexadecimal MD5 hash.  The MD5 hash
-       will be of the user's password concatenated to their user name.
-       For example, if user <literal>joe</> has password <literal>xyzzy</>,
-       <productname>PostgreSQL</> will store the md5 hash of
-       <literal>xyzzyjoe</>.  A password that does not follow that
-       format is assumed to be unencrypted.
-      </entry>
-     </row>
-
-     <row>
-      <entry><structfield>rolvaliduntil</structfield></entry>
-      <entry><type>timestamptz</type></entry>
-      <entry>Password expiry time (only used for password authentication);
-       null if no expiration</entry>
-     </row>
-    </tbody>
-   </tgroup>
-  </table>
-
-  <table id="catalog-rolattr-bitmap-table">
-   <title>Attributes in <structfield>rolattr</></title>
-
-   <tgroup cols="4">
-    <thead>
-     <row>
-      <entry>Attribute</entry>
-      <entry>CREATE ROLE Option</entry>
-      <entry>Description</entry>
-      <entry>Position</entry>
-     </row>
-    </thead>
-
-    <tbody>
-     <row>
-      <entry>Superuser</entry>
-      <entry>SUPERUSER</entry>
+      <entry><structfield>rolsuper</structfield></entry>
+      <entry><type>bool</type></entry>
       <entry>Role has superuser privileges</entry>
-      <entry><literal>0</literal></entry>
      </row>
 
      <row>
-      <entry>Inherit</entry>
-      <entry>INHERIT</entry>
-      <entry>
-       Role automatically inherits privileges of roles it is a member of
-      </entry>
-      <entry><literal>1</literal></entry>
+      <entry><structfield>rolinherit</structfield></entry>
+      <entry><type>bool</type></entry>
+      <entry>Role automatically inherits privileges of roles it is a
+       member of</entry>
      </row>
 
      <row>
-      <entry>Create Role</entry>
-      <entry>CREATEROLE</entry>
+      <entry><structfield>rolcreaterole</structfield></entry>
+      <entry><type>bool</type></entry>
       <entry>Role can create more roles</entry>
-      <entry><literal>2</literal></entry>
      </row>
 
      <row>
-      <entry>Create DB</entry>
-      <entry>CREATEDB</entry>
+      <entry><structfield>rolcreatedb</structfield></entry>
+      <entry><type>bool</type></entry>
       <entry>Role can create databases</entry>
-      <entry><literal>3</literal></entry>
      </row>
 
      <row>
-      <entry>Catalog Update</entry>
-      <entry>CATUPDATE</entry>
+      <entry><structfield>rolcatupdate</structfield></entry>
+      <entry><type>bool</type></entry>
       <entry>
        Role can update system catalogs directly.  (Even a superuser cannot do
        this unless this column is true)
       </entry>
-      <entry><literal>4</literal></entry>
      </row>
 
      <row>
-      <entry>Can Login</entry>
-      <entry>LOGIN</entry>
+      <entry><structfield>rolcanlogin</structfield></entry>
+      <entry><type>bool</type></entry>
       <entry>
        Role can log in. That is, this role can be given as the initial
        session authorization identifier
       </entry>
-      <entry><literal>5</literal></entry>
      </row>
 
      <row>
-      <entry>Replication</entry>
-      <entry>REPLICATION</entry>
+      <entry><structfield>rolreplication</structfield></entry>
+      <entry><type>bool</type></entry>
       <entry>
        Role is a replication role. That is, this role can initiate streaming
        replication (see <xref linkend="streaming-replication">) and set/unset
        the system backup mode using <function>pg_start_backup</> and
        <function>pg_stop_backup</>
       </entry>
-      <entry><literal>6</literal></entry>
      </row>
 
      <row>
-      <entry>Bypass Row Level Security</entry>
-      <entry>BYPASSRLS</entry>
+      <entry><structfield>rolconnlimit</structfield></entry>
+      <entry><type>int4</type></entry>
       <entry>
-       Role can bypass row level security policies when <literal>row_security</>
-       is set <literal>off</>
+       For roles that can log in, this sets maximum number of concurrent
+       connections this role can make.  -1 means no limit.
+      </entry>
+     </row>
+
+     <row>
+      <entry><structfield>rolpassword</structfield></entry>
+      <entry><type>text</type></entry>
+      <entry>
+       Password (possibly encrypted); null if none.  If the password
+       is encrypted, this column will begin with the string <literal>md5</>
+       followed by a 32-character hexadecimal MD5 hash.  The MD5 hash
+       will be of the user's password concatenated to their user name.
+       For example, if user <literal>joe</> has password <literal>xyzzy</>,
+       <productname>PostgreSQL</> will store the md5 hash of
+       <literal>xyzzyjoe</>.  A password that does not follow that
+       format is assumed to be unencrypted.
       </entry>
-      <entry><literal>7</literal></entry>
      </row>
 
+     <row>
+      <entry><structfield>rolvaliduntil</structfield></entry>
+      <entry><type>timestamptz</type></entry>
+      <entry>Password expiry time (only used for password authentication);
+       null if no expiration</entry>
+     </row>
     </tbody>
    </tgroup>
   </table>
diff --git a/doc/src/sgml/func.sgml b/doc/src/sgml/func.sgml
index 2a37e65eb9a..24c64b7187f 100644
--- a/doc/src/sgml/func.sgml
+++ b/doc/src/sgml/func.sgml
@@ -15139,133 +15139,6 @@ SELECT has_function_privilege('joeuser', 'myfunc(int, text)', 'execute');
     are immediately available without doing <command>SET ROLE</>.
    </para>
 
-   <para>
-    <xref linkend="functions-info-role-attribute-table"> lists functions that
-    allow the user to query role attribute information programmatically.
-   </para>
-
-   <table id="functions-info-role-attribute-table">
-    <title>Role Attribute Inquiry Functions</title>
-    <tgroup cols="3">
-     <thead>
-      <row><entry>Name</entry> <entry>Return Type</entry> <entry>Description</entry></row>
-     </thead>
-     <tbody>
-      <row>
-       <entry><literal><function>pg_has_role_attribute(role, attribute)</function></literal></entry>
-       <entry><type>boolean</type></entry>
-       <entry>does role have the permissions allowed by named attribute</entry>
-      </row>
-      <row>
-       <entry><literal><function>pg_check_role_attribute(role, attribute)</function></literal></entry>
-       <entry><type>boolean</type></entry>
-       <entry>does role have the named attribute</entry>
-      </row>
-      <row>
-       <entry><literal><function>pg_check_role_attribute(role_attributes, attribute)</function></literal></entry>
-       <entry><type>boolean</type></entry>
-       <entry>is attribute set in bitmap of role attributes</entry>
-      </row>
-      <row>
-       <entry><literal><function>pg_all_role_attributes(role_attributes)</function></literal></entry>
-       <entry><type>text[]</type></entry>
-       <entry>convert bitmap of role attribute representation to text[]</entry>
-      </row>
-     </tbody>
-    </tgroup>
-   </table>
-
-   <indexterm>
-    <primary>pg_has_role_attribute</primary>
-   </indexterm>
-   <indexterm>
-    <primary>pg_check_role_attribute</primary>
-   </indexterm>
-   <indexterm>
-    <primary>pg_all_role_attributes</primary>
-   </indexterm>
-
-   <para>
-    <function>pg_has_role_attribute</function> checks the attribute permissions
-    given to a role.  It will always return <literal>true</literal> for roles
-    with superuser privileges unless the attribute being checked is
-    <literal>CATUPDATE</literal> (superuser cannot bypass
-    <literal>CATUPDATE</literal> permissions). The role can be specified by name
-    and by OID. The attribute is specified by a text string which must evaluate
-    to one of the following role attributes:
-    <literal>SUPERUSER</literal>,
-    <literal>INHERIT</literal>,
-    <literal>CREATEROLE</literal>,
-    <literal>CREATEDB</literal>,
-    <literal>CATUPDATE</literal>,
-    <literal>CANLOGIN</literal>,
-    <literal>REPLICATION</literal>, or
-    <literal>BYPASSRLS</literal>. See <xref linkend="sql-createrole"> for more
-    information. For example:
-<programlisting>
-SELECT pg_has_role_attribute('joe', 'SUPERUSER');
- pg_has_role_attribute 
------------------------
- f
-(1 row)
-
-SELECT rolname, pg_has_role_attribute(oid, 'INHERIT') AS rolinherit FROM pg_roles;
- rolname  | rolinherit 
-----------+------------
- postgres | t
- joe      | t
-(2 rows)
-</programlisting>
-   </para>
-
-   <para>
-    <function>pg_check_role_attribute</function> checks the attribute value given
-    to a role.  The role can be specified by name and by OID.  The attribute is
-    specified by a text string which must evaluate to a valid role attribute (see
-    <function>pg_has_role_attribute</function>).  A third variant of this function
-    allows for a bitmap representation (<literal>bigint</literal>) of attributes
-    to be given instead of a role.
-    Example:
-<programlisting>
-SELECT pg_check_role_attribute('joe', 'SUPERUSER');
- pg_check_role_attribute 
--------------------------
- f
-(1 row)
-
-SELECT rolname, pg_check_role_attribute(oid, 'INHERIT') as rolinherit FROM pg_roles;
- rolname  | rolinherit 
-----------+------------
- postgres | t
- joe      | t
-(2 rows)
- t
-(1 row)
-
-
-SELECT rolname, pg_check_role_attribute(rolattr, 'SUPERUSER') AS rolsuper FROM pg_authid;
- rolname  | rolsuper 
-----------+----------
- postgres | t
- joe      | f
-(2 rows)
-</programlisting>
-   </para>
-
-   <para>
-    <function>pg_all_role_attributes</function> convert a set of role attributes
-    represented by an <literal>bigint</literal> bitmap to a text array.
-    Example:
-<programlisting>
-SELECT rolname, pg_all_role_attributes(rolattr) AS attributes FROM pg_authid;
- rolname  |                                          attributes                                           
-----------+-----------------------------------------------------------------------------------------------
- postgres | {Superuser,Inherit,"Create Role","Create DB","Catalog Update",Login,Replication,"Bypass RLS"}
- joe      | {Inherit,Login}
-(2 rows)
-</programlisting>
-   </para>
-
   <para>
    <xref linkend="functions-info-schema-table"> shows functions that
    determine whether a certain object is <firstterm>visible</> in the
-- 
cgit v1.2.3