From c0881fc1443d7836ec6cdd7977a076f8a9df10e6 Mon Sep 17 00:00:00 2001
From: Felix Kunde <felix-kunde@gmx.de>
Date: Thu, 3 Jun 2021 12:09:51 +0200
Subject: [PATCH] extend docs on defaultUsers

---
 docs/user.md | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/docs/user.md b/docs/user.md
index 8e406ec00..80fad1045 100644
--- a/docs/user.md
+++ b/docs/user.md
@@ -503,7 +503,8 @@ The roles described in the previous paragraph can be granted to LOGIN roles from
 the `users` section in the manifest. Optionally, the Postgres Operator can also
 create default LOGIN roles for the database an each schema individually. These
 roles will get the `_user` suffix and they inherit all rights from their NOLOGIN
-counterparts.
+counterparts. Therefore, you cannot have `defaultRoles` set to `false` and enable
+`defaultUsers` at the same time.
 
 | Role name           | Member of      | Admin         |
 | ------------------- | -------------- | ------------- |
@@ -526,6 +527,10 @@ spec:
           defaultUsers: true
 ```
 
+Default access privileges are also defined for LOGIN roles one database and
+schema creation. This mean they are currently not set when `defaultUsers`
+(or `defaultRoles` for schemas) are enabled at a later point in time.
+
 ### Schema `search_path` for default roles
 
 The schema [`search_path`](https://www.postgresql.org/docs/13/ddl-schemas.html#DDL-SCHEMAS-PATH)