Incorporated Brian’s feedback.

florence-crl · florence-crl · commit 6fc6f27ee68a · 2025-10-17T14:07:00.000-04:00
diff --git a/src/current/_includes/v25.4/misc/session-vars.md b/src/current/_includes/v25.4/misc/session-vars.md
@@ -1,7 +1,7 @@
 | Variable name | Description | Initial value | Modify with [`SET`]({% link {{ page.version.version }}/set-vars.md %})? | View with [`SHOW`]({% link {{ page.version.version }}/show-vars.md %})? |
 |---|---|---|---|---|
 | <a id="always-distribute-full-scans"></a> `always_distribute_full_scans` | When set to `on`, full table scans are always [distributed]({% link {{ page.version.version }}/architecture/sql-layer.md %}#distsql). | `off` | Yes | Yes |
-| <a id="allow-unsafe-internals"></a><span class="version-tag">New in v25.4:</span> `allow_unsafe_internals` | Controls access to unsafe internals in the `system` database and the [`crdb_internal`]({% link {{ page.version.version }}/crdb-internal.md %}#access-control) schema. When set to `off`, only allowlisted objects are accessible without internal privileges.<br><br>**Warning**: In future releases, this session variable will default to `off` and then will be removed. To assess potential downstream impacts on your setup, set `allow_unsafe_internals` to `off` in a non-production environment. | `on` | Yes | Yes |
+| <a id="allow-unsafe-internals"></a><span class="version-tag">New in v25.4:</span> `allow_unsafe_internals` | Controls access to unsafe internals in the `system` database and the [`crdb_internal`]({% link {{ page.version.version }}/crdb-internal.md %}#access-control) schema. When set to `off`, only allowlisted objects are accessible without internal privileges.<br><br>**Warning**: In a future release, this session variable will default to `off`. To assess potential downstream impacts on your setup, set `allow_unsafe_internals` to `off` in a non-production environment. | `on` | Yes | Yes |
 | <a id="application-name"></a> `application_name` | The current application name for statistics collection. | Empty string, or `cockroach` for sessions from the [built-in SQL client]({% link {{ page.version.version }}/cockroach-sql.md %}). | Yes | Yes |
 | <a id="autocommit-before-ddl"></a> `autocommit_before_ddl` | When the [`autocommit_before_ddl` session setting]({% link {{page.version.version}}/set-vars.md %}#autocommit-before-ddl) is set to `on`, any schema change statement that is sent during an [explicit transaction]({% link {{page.version.version}}/transactions.md %}) will cause the transaction to [commit]({% link {{page.version.version}}/commit-transaction.md %}) before executing the schema change. This is useful because [CockroachDB does not fully support multiple schema changes in a single transaction]({% link {{ page.version.version }}/online-schema-changes.md %}#schema-changes-within-transactions). : This setting is enabled by default. To disable it for [all roles]({% link {{ page.version.version }}/alter-role.md %}#set-default-session-variable-values-for-all-users), issue the following statement: `ALTER ROLE ALL SET autocommit_before_ddl = false`  | `on` | Yes | Yes |
 | <a id="bytea-output"></a> `bytea_output` | The [mode for conversions from `STRING` to `BYTES`]({% link {{ page.version.version }}/bytes.md %}#supported-conversions). | hex | Yes | Yes |
diff --git a/src/current/v25.4/crdb-internal.md b/src/current/v25.4/crdb-internal.md
@@ -9,26 +9,26 @@ The `crdb_internal` [system catalog]({% link {{ page.version.version }}/system-c
 
 ## Access control
 
-{% include_cached new-in.html version="v25.4" %} CockroachDB treats most objects in the `crdb_internal` schema, as well as descriptors in the `system` database, as *unsafe internals*. Access to these objects is controlled by the [`allow_unsafe_internals` session variable]({% link {{ page.version.version }}/session-variables.md %}#allow-unsafe-internals). This defaults to `on`, but you can disable access by setting it to `off`:
+{% include_cached new-in.html version="v25.4" %} CockroachDB treats most objects in the `crdb_internal` schema and descriptors in the `system` database as *unsafe internals*. Access to these objects is controlled by the [`allow_unsafe_internals` session variable]({% link {{ page.version.version }}/session-variables.md %}#allow-unsafe-internals). This defaults to `on`, but you can disable access by setting it to `off`.
 
 {% include_cached copy-clipboard.html %}
 ~~~ sql
 SET allow_unsafe_internals = off;
 ~~~
 
-When set to `off`, external sessions can read only the allowlisted `crdb_internal` objects that are supported for production use (the tables marked ✓ in the table below). All other tables and built-in functions that use the `crdb_internal` namespace require either an internal caller or explicitly enabling `allow_unsafe_internals` for the session:
+When set to `off`, external sessions can read only the allowlisted `crdb_internal` objects that are supported for production use (the tables marked ✓ in the table below). All other tables and built-in functions that use the `crdb_internal` namespace require you to explicitly enable `allow_unsafe_internals` for the session.
 
 {% include_cached copy-clipboard.html %}
 ~~~ sql
 SET allow_unsafe_internals = on;
 ~~~
 
-Some SHOW commands, such as [SHOW DATABASES]({% link {{ page.version.version }}/show-databases.md %}), depend on internal queries that access otherwise restricted data. These commands are designed to bypass the `allow_unsafe_internals` setting, so they continue to function even when direct access to unsafe internals is disabled.
+Some `SHOW commands`, such as [`SHOW DATABASES`]({% link {{ page.version.version }}/show-databases.md %}), and CockroachDB tools, such as the [DB Console]({% link {{ page.version.version }}/ui-overview.md %}) and [`cockroach debug zip`]({% link {{ page.version.version }}/cockroach-debug-zip.md %}), rely on internal queries that access restricted data. These commands and tools are designed to bypass the `allow_unsafe_internals` setting and continue to function even when direct access is disabled.
 
 CockroachDB emits [log events to the `SENSITIVE_ACCESS` channel]({% link {{ page.version.version }}/logging-use-cases.md %}#example-unsafe-internals) when a user overrides or is denied access to unsafe internals, generating a record of emergency access to system internals.
 
 {{site.data.alerts.callout_danger}}
-In future releases, the `allow_unsafe_internals` session variable will default to `off` and then will be removed. To assess potential downstream impacts on your setup, set `allow_unsafe_internals` to `off` in a non-production environment.
+In a future release, the `allow_unsafe_internals` session variable will default to `off`. To assess potential downstream impacts on your setup, set `allow_unsafe_internals` to `off` in a non-production environment.
 {{site.data.alerts.end}}
 
 <a id="data-exposed-by-crdb_internal"></a>
diff --git a/src/current/v25.4/logging-use-cases.md b/src/current/v25.4/logging-use-cases.md
@@ -284,44 +284,44 @@ The following events may be logged to the `SENSITIVE_ACCESS` channel, depending
 
 These events record both successful and denied attempts to access internal system objects.
 
-This command enables access to unsafe internals for the user `max`:
+This command enables access to unsafe internals for the user `allow_unsafe_internals_on`:
 
 {% include_cached copy-clipboard.html %}
 ~~~ sql
-ALTER ROLE max SET allow_unsafe_internals = on;
+ALTER ROLE allow_unsafe_internals_on SET allow_unsafe_internals = on;
 ~~~
 
-When the user `max` connects to a session and accesses an unsafe internal object, an event is logged:
+When the user `allow_unsafe_internals_on` connects to a session and accesses an unsafe internal object, an event is logged:
 
 {% include_cached copy-clipboard.html %}
 ~~~ sql
 SELECT count(*) FROM crdb_internal.active_range_feeds;
 ~~~
 
-This `unsafe_internals_accessed` event shows that the internal table `crdb_internal.active_range_feeds` was accessed by user `max` who issued a [`SELECT`]({% link {{ page.version.version }}/selection-queries.md %}) statement:
+This `unsafe_internals_accessed` event shows that the internal table `crdb_internal.active_range_feeds` was accessed by user `allow_unsafe_internals_on` who issued a [`SELECT`]({% link {{ page.version.version }}/selection-queries.md %}) statement:
 
 ~~~
-W250930 19:51:01.128927 464484 8@util/log/event_log.go:90 ⋮ [T1,Vsystem,n1,client=127.0.0.1:65020,hostssl,user=‹max›] 23 ={"Timestamp":1759261861128925000,"EventType":"unsafe_internals_accessed","Query":"SELECT count(*) FROM \"\".crdb_internal.active_range_feeds"}
+W250930 19:51:01.128927 464484 8@util/log/event_log.go:90 ⋮ [T1,Vsystem,n1,client=127.0.0.1:65020,hostssl,user=‹allow_unsafe_internals_on›] 23 ={"Timestamp":1759261861128925000,"EventType":"unsafe_internals_accessed","Query":"SELECT count(*) FROM \"\".crdb_internal.active_range_feeds"}
 ~~~
 
-This command disables access to unsafe internals for the user `max`:
+This command disables access to unsafe internals for the user `allow_unsafe_internals_off`:
 
 {% include_cached copy-clipboard.html %}
 ~~~ sql
-ALTER ROLE max SET allow_unsafe_internals = off;
+ALTER ROLE allow_unsafe_internals_off SET allow_unsafe_internals = off;
 ~~~
 
-When the user `max` connects to a session and tries to access an unsafe internal object, an event is logged:
+When the user `allow_unsafe_internals_off` connects to a session and tries to access an unsafe internal object, an event is logged:
 
 {% include_cached copy-clipboard.html %}
 ~~~ sql
 SELECT count(*) FROM crdb_internal.active_range_feeds;
 ~~~
 
-This `unsafe_internals_denied` event shows that access to the internal table `crdb_internal.active_range_feeds` was denied to the user `max`, who issued a [`SELECT`]({% link {{ page.version.version }}/selection-queries.md %}) statement:
+This `unsafe_internals_denied` event shows that access to the internal table `crdb_internal.active_range_feeds` was denied to the user `allow_unsafe_internals_off`, who issued a [`SELECT`]({% link {{ page.version.version }}/selection-queries.md %}) statement:
 
 ~~~
-W250930 15:47:06.906181 122782 8@util/log/event_log.go:90 ⋮ [T1,Vsystem,n1,client=127.0.0.1:57104,hostssl,user=‹max›] 18 ={"Timestamp":1759247226906172000,"EventType":"unsafe_internals_denied","Query":"SELECT count(*) FROM \"\".crdb_internal.active_range_feeds"}
+W250930 15:47:06.906181 122782 8@util/log/event_log.go:90 ⋮ [T1,Vsystem,n1,client=127.0.0.1:57104,hostssl,user=‹allow_unsafe_internals_off›] 18 ={"Timestamp":1759247226906172000,"EventType":"unsafe_internals_denied","Query":"SELECT count(*) FROM \"\".crdb_internal.active_range_feeds"}
 ~~~
 
 - Preceding the `=` character is the `crdb-v2` event metadata. See the [reference documentation]({% link {{ page.version.version }}/log-formats.md %}#format-crdb-v2) for details on the fields.
