Add missing part of replication role docs

Noted by Peter E.

diff --git a/doc/src/sgml/user-manag.sgml b/doc/src/sgml/user-manag.sgml
index d4906907ec00bec60f7d41eace4d5e3db0d6c233..08b3fb7dc4289f4b6837cfe254a7dd0a5f43be30 100644 (file)
--- a/doc/src/sgml/user-manag.sgml
+++ b/doc/src/sgml/user-manag.sgml
@@ -169,7 +169,8 @@ CREATE USER <replaceable>name</replaceable>;
       <term>superuser status<indexterm><primary>superuser</></></term>
       <listitem>
        <para>
-        A database superuser bypasses all permission checks.  This is a
+        A database superuser bypasses all permission checks, except the right
+        to log in or the right to initiate replication.  This is a
         dangerous privilege and should not be used carelessly; it is best
         to do most of your work as a role that is not a superuser.
         To create a new database superuser, use <literal>CREATE ROLE
@@ -208,6 +209,20 @@ CREATE USER <replaceable>name</replaceable>;
       </listitem>
      </varlistentry>
 
+     <varlistentry>
+      <term>initiating replication<indexterm><primary>role</><secondary>privilege to initiate replication</></></term>
+      <listitem>
+       <para>
+        A role must explicitly be given permission to initiate streaming
+        replication (superusers do not bypass this check). A role used
+        for streaming replication must always have <literal>LOGIN</>
+        permission as well. To create such a role, use
+        <literal>CREATE ROLE <replaceable>name</replaceable> REPLICATION
+        LOGIN</literal>.
+       </para>
+      </listitem>
+     </varlistentry>
+
      <varlistentry>
       <term>password<indexterm><primary>password</></></term>
       <listitem>