Update pg_write_all_data behvaior to recent product changes

gbowerman · web-flow · commit f4fdf074595f · 2026-05-21T08:06:45.000-07:00
Updated behavior for changes in M58. Also updated author information and publication date
diff --git a/articles/postgresql/security/security-access-control.md b/articles/postgresql/security/security-access-control.md
@@ -2,9 +2,9 @@
 title: Access Management
 description: Learn how to manage access permissions for Azure Database for PostgreSQL using roles.
 author: techlake
-ms.author: hganten
+ms.author: talawren
 ms.reviewer: maghan
-ms.date: 09/19/2025
+ms.date: 05/21/2026
 ms.service: azure-database-postgresql
 ms.subservice: security
 ms.topic: concept-article
@@ -141,9 +141,6 @@ This is a built-in safeguard to prevent changes to critical administrative roles
 
 In PostgreSQL 16, a strict role hierarchy structure is implemented for users with the [CREATEROLE](https://www.postgresql.org/docs/16/sql-createrole.html) privilege, specifically related to grant roles. To improve administrative flexibility and address a limitation introduced in PostgreSQL 16, Azure Database for PostgreSQL enhances the capabilities of the *azure_pg_admin* role across all PostgreSQL versions. With this update, members of the *azure_pg_admin* role can manage roles and access objects owned by any nonrestricted role, even if those roles are also members of *azure_pg_admin*. This enhancement ensures that administrative users maintain consistent and comprehensive control over role and permission management, providing a seamless and reliable experience without requiring superuser access.
 
-> [!IMPORTANT]  
-> Azure Database for PostgreSQL doesn't allow users to be granted *pg_write_all_data* attribute, which allows user to write all data (tables, views, sequences), as if having `INSERT`, `UPDATE`, and `DELETE` rights on those objects, and USAGE rights on all schemas, even without having it explicitly granted. As a workaround recommended granting similar permissions on a more finite level per database and object.
-
 ## Row-level security
 
 [Row-level security (RLS)](https://www.postgresql.org/docs/current/ddl-rowsecurity.html) is an Azure Database for PostgreSQL security feature that enables database administrators to define policies that control how specific rows of data display and operate for one or more roles. Row-level security adds an extra filter to an Azure Database for PostgreSQL database table. When a user tries to perform an action on a table, this filter is applied before the query criteria or other filtering, and the data narrows or rejects according to your security policy. You can create row-level security policies for specific commands like `SELECT`, `INSERT`, `UPDATE`, and `DELETE`, or specify it for all commands. Use cases for row-level security include PCI-compliant implementations, classified environments, and shared hosting or multitenant applications.
