Doc: you must own the target object to use SECURITY LABEL.

For some reason this wasn't mentioned before.

Author: Patrick Stählin <[email protected]>
Reviewed-by: Tom Lane <[email protected]>
Discussion: https://postgr.es/m/931e012a-57ba-41ba-9b88-24323a46dec5@packi.ch
Backpatch-through: 13

diff --git a/doc/src/sgml/ref/security_label.sgml b/doc/src/sgml/ref/security_label.sgml
index 587bdbd210db762d2ca31ba3e136eb0ddf375705..37708af6f8b1b2c75b5a2c6c0b9ee0c89ff808b9 100644 (file)
--- a/doc/src/sgml/ref/security_label.sgml
+++ b/doc/src/sgml/ref/security_label.sgml
@@ -84,6 +84,10 @@ SECURITY LABEL [ FOR <replaceable class="parameter">provider</replaceable> ] ON
    based on object labels, rather than traditional discretionary access control
    (DAC) concepts such as users and groups.
   </para>
+
+  <para>
+   You must own the database object to use <command>SECURITY LABEL</command>.
+  </para>
  </refsect1>
 
  <refsect1>