Update GRANT example and discussion to match current sources.
This commit is contained in:
Tom Lane
parent
75c33220ad
commit
fccda9eb90
@ -1,5 +1,5 @@
|
||||
<!--
|
||||
$Header: /cvsroot/pgsql/doc/src/sgml/ref/grant.sgml,v 1.22 2002/04/21 00:26:42 tgl Exp $
|
||||
$Header: /cvsroot/pgsql/doc/src/sgml/ref/grant.sgml,v 1.23 2002/04/22 19:17:40 tgl Exp $
|
||||
PostgreSQL documentation
|
||||
-->
|
||||
|
||||
@ -157,11 +157,10 @@ GRANT { { CREATE | USAGE } [,...] | ALL [ PRIVILEGES ] }
|
||||
<term>CREATE</term>
|
||||
<listitem>
|
||||
<para>
|
||||
For databases, allows new schemas to be created in the database.
|
||||
For databases, allows new schemas to be created within the database.
|
||||
</para>
|
||||
<para>
|
||||
For schemas, allows new objects to be created within the specified
|
||||
schema.
|
||||
For schemas, allows new objects to be created within the schema.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
@ -196,9 +195,9 @@ GRANT { { CREATE | USAGE } [,...] | ALL [ PRIVILEGES ] }
|
||||
of privilege that is applicable to procedural languages.
|
||||
</para>
|
||||
<para>
|
||||
For schemas, allows the use of objects contained in the specified
|
||||
For schemas, allows access to objects contained in the specified
|
||||
schema (assuming that the objects' own privilege requirements are
|
||||
met). Essentially this allows the grantee to <quote>look up</>
|
||||
also met). Essentially this allows the grantee to <quote>look up</>
|
||||
objects within the schema.
|
||||
</para>
|
||||
</listitem>
|
||||
@ -226,6 +225,11 @@ GRANT { { CREATE | USAGE } [,...] | ALL [ PRIVILEGES ] }
|
||||
<refsect1 id="SQL-GRANT-notes">
|
||||
<title>Notes</title>
|
||||
|
||||
<para>
|
||||
The <xref linkend="sql-revoke" endterm="sql-revoke-title"> command is used
|
||||
to revoke access privileges.
|
||||
</para>
|
||||
|
||||
<para>
|
||||
It should be noted that database <firstterm>superusers</> can access
|
||||
all objects regardless of object privilege settings. This
|
||||
@ -243,19 +247,19 @@ GRANT { { CREATE | USAGE } [,...] | ALL [ PRIVILEGES ] }
|
||||
|
||||
<para>
|
||||
Use <xref linkend="app-psql">'s <command>\z</command> command
|
||||
to obtain information about privileges
|
||||
on existing objects:
|
||||
to obtain information about existing privileges, for example:
|
||||
<programlisting>
|
||||
Database = lusitania
|
||||
+------------------+---------------------------------------------+
|
||||
| Relation | Grant/Revoke Permissions |
|
||||
+------------------+---------------------------------------------+
|
||||
| mytable | {"=rw","miriam=arwdRxt","group todos=rw"} |
|
||||
+------------------+---------------------------------------------+
|
||||
Legend:
|
||||
uname=arwR -- privileges granted to a user
|
||||
group gname=arwR -- privileges granted to a group
|
||||
=arwR -- privileges granted to PUBLIC
|
||||
lusitania=> \z mytable
|
||||
Access privileges for database "lusitania"
|
||||
Table | Access privileges
|
||||
---------+---------------------------------------
|
||||
mytable | {=r,miriam=arwdRxt,"group todos=arw"}
|
||||
</programlisting>
|
||||
The entries shown by <command>\z</command> are interpreted thus:
|
||||
<programlisting>
|
||||
=xxxx -- privileges granted to PUBLIC
|
||||
uname=xxxx -- privileges granted to a user
|
||||
group gname=xxxx -- privileges granted to a group
|
||||
|
||||
r -- SELECT ("read")
|
||||
w -- UPDATE ("write")
|
||||
@ -269,12 +273,25 @@ GRANT { { CREATE | USAGE } [,...] | ALL [ PRIVILEGES ] }
|
||||
C -- CREATE
|
||||
T -- TEMPORARY
|
||||
arwdRxt -- ALL PRIVILEGES (for tables)
|
||||
</programlisting>
|
||||
|
||||
The above example display would be seen by user <literal>miriam</> after
|
||||
creating table <literal>mytable</> and doing
|
||||
|
||||
<programlisting>
|
||||
GRANT SELECT ON mytable TO PUBLIC;
|
||||
GRANT SELECT,UPDATE,INSERT ON mytable TO GROUP todos;
|
||||
</programlisting>
|
||||
</para>
|
||||
|
||||
<para>
|
||||
The <xref linkend="sql-revoke" endterm="sql-revoke-title"> command is used to revoke access
|
||||
privileges.
|
||||
If the <quote>Access privileges</> column is empty for a given object,
|
||||
it means the object has default privileges (that is, its privileges field
|
||||
is NULL). Currently, default privileges are interpreted the same way
|
||||
for all object types: all privileges for the owner and no privileges for
|
||||
anyone else. The first <command>GRANT</> on an object will instantiate
|
||||
this default (producing, for example, <literal>{=,miriam=arwdRxt}</>)
|
||||
and then modify it per the specified request.
|
||||
</para>
|
||||
</refsect1>
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user