doc: restructure ALTER DEFAULT PRIVILEGES
Clarify that default privileges are not inherited and reorder paragraphs. This is a follow up to a recent ALTER DEFAULT PRIVILEGES doc patch. Reported-by: Sanjay Minni Diagnosed-by: AMpxBo=M35hcH1g4Vg=KRJ0-77FOJcvdrdiVF5KSOAdOG-LvKQ@mail.gmail.com Co-authored-by: Laurenz Albe Backpatch-through: 16
This commit is contained in:
parent
83472de606
commit
151a0ee76d
@ -88,25 +88,19 @@ REVOKE [ GRANT OPTION FOR ]
|
|||||||
<title>Description</title>
|
<title>Description</title>
|
||||||
|
|
||||||
<para>
|
<para>
|
||||||
<command>ALTER DEFAULT PRIVILEGES</command> allows you to set the privileges
|
<command>ALTER DEFAULT PRIVILEGES</command> allows you to set the
|
||||||
that will be applied to objects created in the future. (It does not
|
privileges that will be applied to objects created in the future.
|
||||||
affect privileges assigned to already-existing objects.) Currently,
|
(It does not affect privileges assigned to already-existing objects.)
|
||||||
only the privileges for schemas, tables (including views and foreign
|
Privileges can be set globally (i.e., for all objects created in the
|
||||||
tables), sequences, functions, and types (including domains) can be
|
current database), or just for objects created in specified schemas.
|
||||||
altered. For this command, functions include aggregates and procedures.
|
|
||||||
The words <literal>FUNCTIONS</literal> and <literal>ROUTINES</literal> are
|
|
||||||
equivalent in this command. (<literal>ROUTINES</literal> is preferred
|
|
||||||
going forward as the standard term for functions and procedures taken
|
|
||||||
together. In earlier PostgreSQL releases, only the
|
|
||||||
word <literal>FUNCTIONS</literal> was allowed. It is not possible to set
|
|
||||||
default privileges for functions and procedures separately.)
|
|
||||||
</para>
|
</para>
|
||||||
|
|
||||||
<para>
|
<para>
|
||||||
You can change default privileges only for objects that will be created by
|
While you can change your own default privileges and the defaults of
|
||||||
yourself or by roles that you are a member of. The privileges can be set
|
roles that you are a member of, at object creation time, new object
|
||||||
globally (i.e., for all objects created in the current database),
|
permissions are only affected by the default privileges of the current
|
||||||
or just for objects created in specified schemas.
|
role, and are not inherited from any roles in which the current role
|
||||||
|
is a member.
|
||||||
</para>
|
</para>
|
||||||
|
|
||||||
<para>
|
<para>
|
||||||
@ -118,6 +112,19 @@ REVOKE [ GRANT OPTION FOR ]
|
|||||||
<command>ALTER DEFAULT PRIVILEGES</command>.
|
<command>ALTER DEFAULT PRIVILEGES</command>.
|
||||||
</para>
|
</para>
|
||||||
|
|
||||||
|
<para>
|
||||||
|
Currently,
|
||||||
|
only the privileges for schemas, tables (including views and foreign
|
||||||
|
tables), sequences, functions, and types (including domains) can be
|
||||||
|
altered. For this command, functions include aggregates and procedures.
|
||||||
|
The words <literal>FUNCTIONS</literal> and <literal>ROUTINES</literal> are
|
||||||
|
equivalent in this command. (<literal>ROUTINES</literal> is preferred
|
||||||
|
going forward as the standard term for functions and procedures taken
|
||||||
|
together. In earlier PostgreSQL releases, only the
|
||||||
|
word <literal>FUNCTIONS</literal> was allowed. It is not possible to set
|
||||||
|
default privileges for functions and procedures separately.)
|
||||||
|
</para>
|
||||||
|
|
||||||
<para>
|
<para>
|
||||||
Default privileges that are specified per-schema are added to whatever
|
Default privileges that are specified per-schema are added to whatever
|
||||||
the global default privileges are for the particular object type.
|
the global default privileges are for the particular object type.
|
||||||
@ -136,12 +143,9 @@ REVOKE [ GRANT OPTION FOR ]
|
|||||||
<term><replaceable>target_role</replaceable></term>
|
<term><replaceable>target_role</replaceable></term>
|
||||||
<listitem>
|
<listitem>
|
||||||
<para>
|
<para>
|
||||||
The name of an existing role of which the current role is a member.
|
Change default privileges for objects created by the
|
||||||
Default access privileges are not inherited, so member roles
|
<replaceable>target_role</replaceable>, or the current
|
||||||
must use <command>SET ROLE</command> to access these privileges,
|
role if unspecified.
|
||||||
or <command>ALTER DEFAULT PRIVILEGES</command> must be run for
|
|
||||||
each member role. If <literal>FOR ROLE</literal> is omitted,
|
|
||||||
the current role is assumed.
|
|
||||||
</para>
|
</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
</varlistentry>
|
</varlistentry>
|
||||||
|
Loading…
x
Reference in New Issue
Block a user