Commit fccda9eb authored by Tom Lane

Update GRANT example and discussion to match current sources.

parent 75c33220
<!-- <!--
$Header: /cvsroot/pgsql/doc/src/sgml/ref/grant.sgml,v 1.22 2002/04/21 00:26:42 tgl Exp $ $Header: /cvsroot/pgsql/doc/src/sgml/ref/grant.sgml,v 1.23 2002/04/22 19:17:40 tgl Exp $
PostgreSQL documentation PostgreSQL documentation
--> -->
...@@ -157,11 +157,10 @@ GRANT { { CREATE | USAGE } [,...] | ALL [ PRIVILEGES ] } ...@@ -157,11 +157,10 @@ GRANT { { CREATE | USAGE } [,...] | ALL [ PRIVILEGES ] }
<term>CREATE</term> <term>CREATE</term>
<listitem> <listitem>
<para> <para>
For databases, allows new schemas to be created in the database. For databases, allows new schemas to be created within the database.
</para> </para>
<para> <para>
For schemas, allows new objects to be created within the specified For schemas, allows new objects to be created within the schema.
schema.
</para> </para>
</listitem> </listitem>
</varlistentry> </varlistentry>
...@@ -196,9 +195,9 @@ GRANT { { CREATE | USAGE } [,...] | ALL [ PRIVILEGES ] } ...@@ -196,9 +195,9 @@ GRANT { { CREATE | USAGE } [,...] | ALL [ PRIVILEGES ] }
of privilege that is applicable to procedural languages. of privilege that is applicable to procedural languages.
</para> </para>
<para> <para>
For schemas, allows the use of objects contained in the specified For schemas, allows access to objects contained in the specified
schema (assuming that the objects' own privilege requirements are schema (assuming that the objects' own privilege requirements are
met). Essentially this allows the grantee to <quote>look up</> also met). Essentially this allows the grantee to <quote>look up</>
objects within the schema. objects within the schema.
</para> </para>
</listitem> </listitem>
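Review bot: In the USAGE-for-schemas paragraph, the new opening "allows access to objects contained in the specified schema" can be read as if schema USAGE itself confers privileges on the objects, and only the parenthetical corrects that. Consider leading with the lookup meaning that the last sentence already gives (the grantee can "look up" objects within the schema) and then stating that the objects' own privileges are still required. Also, this paragraph keeps "the specified schema" while the CREATE entry in the same patch was shortened to "within the schema"; one wording for both would be cleaner.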
...@@ -226,6 +225,11 @@ GRANT { { CREATE | USAGE } [,...] | ALL [ PRIVILEGES ] } ...@@ -226,6 +225,11 @@ GRANT { { CREATE | USAGE } [,...] | ALL [ PRIVILEGES ] }
<refsect1 id="SQL-GRANT-notes"> <refsect1 id="SQL-GRANT-notes">
<title>Notes</title> <title>Notes</title>
<para>
The <xref linkend="sql-revoke" endterm="sql-revoke-title"> command is used
to revoke access privileges.
</para>
<para> <para>
It should be noted that database <firstterm>superusers</> can access It should be noted that database <firstterm>superusers</> can access
all objects regardless of object privilege settings. This all objects regardless of object privilege settings. This
...@@ -243,19 +247,19 @@ GRANT { { CREATE | USAGE } [,...] | ALL [ PRIVILEGES ] } ...@@ -243,19 +247,19 @@ GRANT { { CREATE | USAGE } [,...] | ALL [ PRIVILEGES ] }
<para> <para>
Use <xref linkend="app-psql">'s <command>\z</command> command Use <xref linkend="app-psql">'s <command>\z</command> command
to obtain information about privileges to obtain information about existing privileges, for example:
on existing objects: <programlisting>
lusitania=> \z mytable
Access privileges for database "lusitania"
Table | Access privileges
---------+---------------------------------------
mytable | {=r,miriam=arwdRxt,"group todos=arw"}
</programlisting>
The entries shown by <command>\z</command> are interpreted thus:
<programlisting> <programlisting>
Database = lusitania =xxxx -- privileges granted to PUBLIC
+------------------+---------------------------------------------+ uname=xxxx -- privileges granted to a user
| Relation | Grant/Revoke Permissions | group gname=xxxx -- privileges granted to a group
+------------------+---------------------------------------------+
| mytable | {"=rw","miriam=arwdRxt","group todos=rw"} |
+------------------+---------------------------------------------+
Legend:
uname=arwR -- privileges granted to a user
group gname=arwR -- privileges granted to a group
=arwR -- privileges granted to PUBLIC
r -- SELECT ("read") r -- SELECT ("read")
w -- UPDATE ("write") w -- UPDATE ("write")
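Review bot: The sample output shows the group entry double-quoted ("group todos=arw") while the legend lists it unquoted as "group gname=xxxx", and nothing says that the quotes are only display quoting for an entry that contains a space. A reader auditing privileges from \z output could take the quotes as part of the entry. Suggest one sentence after the legend explaining the quoting, and one stating that "xxxx" stands for any combination of the privilege letters listed below it.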
...@@ -269,12 +273,25 @@ GRANT { { CREATE | USAGE } [,...] | ALL [ PRIVILEGES ] } ...@@ -269,12 +273,25 @@ GRANT { { CREATE | USAGE } [,...] | ALL [ PRIVILEGES ] }
C -- CREATE C -- CREATE
T -- TEMPORARY T -- TEMPORARY
arwdRxt -- ALL PRIVILEGES (for tables) arwdRxt -- ALL PRIVILEGES (for tables)
</programlisting>
The above example display would be seen by user <literal>miriam</> after
creating table <literal>mytable</> and doing
<programlisting>
GRANT SELECT ON mytable TO PUBLIC;
GRANT SELECT,UPDATE,INSERT ON mytable TO GROUP todos;
</programlisting> </programlisting>
</para> </para>
<para> <para>
The <xref linkend="sql-revoke" endterm="sql-revoke-title"> command is used to revoke access If the <quote>Access privileges</> column is empty for a given object,
privileges. it means the object has default privileges (that is, its privileges field
is NULL). Currently, default privileges are interpreted the same way
for all object types: all privileges for the owner and no privileges for
anyone else. The first <command>GRANT</> on an object will instantiate
this default (producing, for example, <literal>{=,miriam=arwdRxt}</>)
and then modify it per the specified request.
</para> </para>
</refsect1> </refsect1>
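Review bot: The default-privileges paragraph gives the example "{=,miriam=arwdRxt}", but the legend only describes "=xxxx" as privileges granted to PUBLIC and never says what an entry with no letters after the "=" means. Since this paragraph is where readers learn that an empty "Access privileges" column means owner-only access rather than no access, it should also say explicitly that a bare "=" means PUBLIC holds no privileges. The sentence introducing the GRANT commands ("The above example display would be seen by user miriam after creating table mytable and doing") would also benefit from pointing out that the "miriam=arwdRxt" entry comes from this instantiated default and not from either GRANT shown.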