Skip to content
GitLab
Explore
Sign in
Register
Primary navigation
Search or go to…
Project
P
postgres-lambda-diff
Manage
Activity
Members
Labels
Plan
Issues
Issue boards
Milestones
Wiki
Code
Merge requests
Repository
Branches
Commits
Tags
Repository graph
Compare revisions
Snippets
Build
Pipelines
Jobs
Pipeline schedules
Artifacts
Deploy
Releases
Container registry
Model registry
Operate
Environments
Monitor
Incidents
Analyze
Value stream analytics
Contributor analytics
CI/CD analytics
Repository analytics
Model experiments
Help
Help
Support
GitLab documentation
Compare GitLab plans
Community forum
Contribute to GitLab
Provide feedback
Keyboard shortcuts
?
Snippets
Groups
Projects
Show more breadcrumbs
Jakob Huber
postgres-lambda-diff
Commits
fccda9eb
Commit
fccda9eb
authored
23 years ago
by
Tom Lane
Browse files
Options
Downloads
Patches
Plain Diff
Update GRANT example and discussion to match current sources.
parent
75c33220
No related branches found
No related tags found
No related merge requests found
Changes
1
Hide whitespace changes
Inline
Side-by-side
Showing
1 changed file
doc/src/sgml/ref/grant.sgml
+37
-20
37 additions, 20 deletions
doc/src/sgml/ref/grant.sgml
with
37 additions
and
20 deletions
doc/src/sgml/ref/grant.sgml
+
37
−
20
View file @
fccda9eb
<!--
$Header: /cvsroot/pgsql/doc/src/sgml/ref/grant.sgml,v 1.2
2
2002/04/2
1 00:26
:4
2
tgl Exp $
$Header: /cvsroot/pgsql/doc/src/sgml/ref/grant.sgml,v 1.2
3
2002/04/2
2 19:17
:4
0
tgl Exp $
PostgreSQL documentation
-->
...
...
@@ -157,11 +157,10 @@ GRANT { { CREATE | USAGE } [,...] | ALL [ PRIVILEGES ] }
<term>CREATE</term>
<listitem>
<para>
For databases, allows new schemas to be created in the database.
For databases, allows new schemas to be created
with
in the database.
</para>
<para>
For schemas, allows new objects to be created within the specified
schema.
For schemas, allows new objects to be created within the schema.
</para>
</listitem>
</varlistentry>
...
...
@@ -196,9 +195,9 @@ GRANT { { CREATE | USAGE } [,...] | ALL [ PRIVILEGES ] }
of privilege that is applicable to procedural languages.
</para>
<para>
For schemas, allows
the use of
objects contained in the specified
For schemas, allows
access to
objects contained in the specified
schema (assuming that the objects' own privilege requirements are
met). Essentially this allows the grantee to <quote>look up</>
also
met). Essentially this allows the grantee to <quote>look up</>
objects within the schema.
</para>
</listitem>
...
...
@@ -226,6 +225,11 @@ GRANT { { CREATE | USAGE } [,...] | ALL [ PRIVILEGES ] }
<refsect1 id="SQL-GRANT-notes">
<title>Notes</title>
<para>
The <xref linkend="sql-revoke" endterm="sql-revoke-title"> command is used
to revoke access privileges.
</para>
<para>
It should be noted that database <firstterm>superusers</> can access
all objects regardless of object privilege settings. This
...
...
@@ -243,19 +247,19 @@ GRANT { { CREATE | USAGE } [,...] | ALL [ PRIVILEGES ] }
<para>
Use <xref linkend="app-psql">'s <command>\z</command> command
to obtain information about privileges
on existing objects:
to obtain information about existing privileges, for example:
<programlisting>
lusitania=> \z mytable
Access privileges for database "lusitania"
Table | Access privileges
---------+---------------------------------------
mytable | {=r,miriam=arwdRxt,"group todos=arw"}
</programlisting>
The entries shown by <command>\z</command> are interpreted thus:
<programlisting>
Database = lusitania
+------------------+---------------------------------------------+
| Relation | Grant/Revoke Permissions |
+------------------+---------------------------------------------+
| mytable | {"=rw","miriam=arwdRxt","group todos=rw"} |
+------------------+---------------------------------------------+
Legend:
uname=arwR -- privileges granted to a user
group gname=arwR -- privileges granted to a group
=arwR -- privileges granted to PUBLIC
=xxxx -- privileges granted to PUBLIC
uname=xxxx -- privileges granted to a user
group gname=xxxx -- privileges granted to a group
r -- SELECT ("read")
w -- UPDATE ("write")
...
...
@@ -269,12 +273,25 @@ GRANT { { CREATE | USAGE } [,...] | ALL [ PRIVILEGES ] }
C -- CREATE
T -- TEMPORARY
arwdRxt -- ALL PRIVILEGES (for tables)
</programlisting>
The above example display would be seen by user <literal>miriam</> after
creating table <literal>mytable</> and doing
<programlisting>
GRANT SELECT ON mytable TO PUBLIC;
GRANT SELECT,UPDATE,INSERT ON mytable TO GROUP todos;
</programlisting>
</para>
<para>
The <xref linkend="sql-revoke" endterm="sql-revoke-title"> command is used to revoke access
privileges.
If the <quote>Access privileges</> column is empty for a given object,
it means the object has default privileges (that is, its privileges field
is NULL). Currently, default privileges are interpreted the same way
for all object types: all privileges for the owner and no privileges for
anyone else. The first <command>GRANT</> on an object will instantiate
this default (producing, for example, <literal>{=,miriam=arwdRxt}</>)
and then modify it per the specified request.
</para>
</refsect1>
...
...
This diff is collapsed.
Click to expand it.
Preview
0%
Loading
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Save comment
Cancel
Please
register
or
sign in
to comment
