| author | Peter Eisentraut | 2001-05-27 09:59:30 +0000 |
|---|---|---|
| committer | Peter Eisentraut | 2001-05-27 09:59:30 +0000 |
| commit | 96147a6d1c15b7604838dcd5de5ebd771f551d96 (patch) | |
| tree | 54ad7d06fff6c8d331194285bf3a7718630f5976 /doc/src | |
| parent | 52350c7ad965d856da74514f89b88ce4ffbd18e7 (diff) | |
Make UPDATE and DELETE privileges distinct. Add REFERENCES and TRIGGER
privileges. INSERT and COPY FROM now require INSERT (only). Add
privileges regression test.
Diffstat (limited to 'doc/src')
| -rw-r--r-- | doc/src/sgml/ref/copy.sgml | 6 | ||||
| -rw-r--r-- | doc/src/sgml/ref/create_rule.sgml | 6 | ||||
| -rw-r--r-- | doc/src/sgml/ref/create_trigger.sgml | 6 | ||||
| -rw-r--r-- | doc/src/sgml/ref/delete.sgml | 6 | ||||
| -rw-r--r-- | doc/src/sgml/ref/grant.sgml | 555 | ||||
| -rw-r--r-- | doc/src/sgml/ref/insert.sgml | 6 | ||||
| -rw-r--r-- | doc/src/sgml/ref/psql-ref.sgml | 6 | ||||
| -rw-r--r-- | doc/src/sgml/ref/revoke.sgml | 394 | ||||
| -rw-r--r-- | doc/src/sgml/ref/select.sgml | 6 | ||||
| -rw-r--r-- | doc/src/sgml/ref/update.sgml | 6 |
10 files changed, 259 insertions, 738 deletions
diff --git a/doc/src/sgml/ref/copy.sgml b/doc/src/sgml/ref/copy.sgml index 6019eb7a089..3c4dd31a5a2 100644 --- a/doc/src/sgml/ref/copy.sgml +++ b/doc/src/sgml/ref/copy.sgml @@ -1,13 +1,11 @@ <!-- -$Header: /cvsroot/pgsql/doc/src/sgml/ref/copy.sgml,v 1.20 2001/01/13 23:58:55 petere Exp $ +$Header: /cvsroot/pgsql/doc/src/sgml/ref/copy.sgml,v 1.21 2001/05/27 09:59:27 petere Exp $ Postgres documentation --> <refentry id="SQL-COPY"> <refmeta> - <refentrytitle id="sql-copy-title"> - COPY - </refentrytitle> + <refentrytitle id="sql-copy-title">COPY</refentrytitle> <refmiscinfo>SQL - Language Statements</refmiscinfo> </refmeta> <refnamediv> diff --git a/doc/src/sgml/ref/create_rule.sgml b/doc/src/sgml/ref/create_rule.sgml index e6a1a7b1468..430026a7863 100644 --- a/doc/src/sgml/ref/create_rule.sgml +++ b/doc/src/sgml/ref/create_rule.sgml @@ -1,13 +1,11 @@ <!-- -$Header: /cvsroot/pgsql/doc/src/sgml/ref/create_rule.sgml,v 1.22 2001/01/13 23:58:55 petere Exp $ +$Header: /cvsroot/pgsql/doc/src/sgml/ref/create_rule.sgml,v 1.23 2001/05/27 09:59:27 petere Exp $ Postgres documentation --> <refentry id="SQL-CREATERULE"> <refmeta> - <refentrytitle id="sql-createrule-title"> - CREATE RULE - </refentrytitle> + <refentrytitle id="sql-createrule-title">CREATE RULE</refentrytitle> <refmiscinfo>SQL - Language Statements</refmiscinfo> </refmeta> <refnamediv> diff --git a/doc/src/sgml/ref/create_trigger.sgml b/doc/src/sgml/ref/create_trigger.sgml index c4fbe0203bf..1dc633ce9d1 100644 --- a/doc/src/sgml/ref/create_trigger.sgml +++ b/doc/src/sgml/ref/create_trigger.sgml 
@@ -1,13 +1,11 @@ <!-- -$Header: /cvsroot/pgsql/doc/src/sgml/ref/create_trigger.sgml,v 1.12 2000/10/05 19:48:18 momjian Exp $ +$Header: /cvsroot/pgsql/doc/src/sgml/ref/create_trigger.sgml,v 1.13 2001/05/27 09:59:28 petere Exp $ Postgres documentation --> <refentry id="SQL-CREATETRIGGER"> <refmeta> - <refentrytitle id="SQL-CREATETRIGGER-TITLE"> - CREATE TRIGGER - </refentrytitle> + <refentrytitle id="SQL-CREATETRIGGER-TITLE">CREATE TRIGGER</refentrytitle> <refmiscinfo>SQL - Language Statements</refmiscinfo> </refmeta> <refnamediv> diff --git a/doc/src/sgml/ref/delete.sgml b/doc/src/sgml/ref/delete.sgml index 1f684b946f8..261ac327080 100644 --- a/doc/src/sgml/ref/delete.sgml +++ b/doc/src/sgml/ref/delete.sgml @@ -1,13 +1,11 @@ <!-- -$Header: /cvsroot/pgsql/doc/src/sgml/ref/delete.sgml,v 1.12 2001/01/13 23:58:55 petere Exp $ +$Header: /cvsroot/pgsql/doc/src/sgml/ref/delete.sgml,v 1.13 2001/05/27 09:59:28 petere Exp $ Postgres documentation --> <refentry id="SQL-DELETE"> <refmeta> - <refentrytitle id="SQL-DELETE-TITLE"> - DELETE - </refentrytitle> + <refentrytitle id="SQL-DELETE-TITLE">DELETE</refentrytitle> <refmiscinfo>SQL - Language Statements</refmiscinfo> </refmeta> <refnamediv> diff --git a/doc/src/sgml/ref/grant.sgml b/doc/src/sgml/ref/grant.sgml index 9770c3dd542..1399d049d77 100644 --- a/doc/src/sgml/ref/grant.sgml +++ b/doc/src/sgml/ref/grant.sgml 
@@ -1,444 +1,253 @@ <!-- -$Header: /cvsroot/pgsql/doc/src/sgml/ref/grant.sgml,v 1.9 2000/10/05 19:48:18 momjian Exp $ +$Header: /cvsroot/pgsql/doc/src/sgml/ref/grant.sgml,v 1.10 2001/05/27 09:59:28 petere Exp $ Postgres documentation --> <refentry id="SQL-GRANT"> <refmeta> - <refentrytitle id="SQL-GRANT-TITLE"> - GRANT - </refentrytitle> + <refentrytitle>GRANT</refentrytitle> <refmiscinfo>SQL - Language Statements</refmiscinfo> </refmeta> + <refnamediv> - <refname> - GRANT - </refname> - <refpurpose> - Grants access privilege to a user, a group or all users - </refpurpose> + <refname>GRANT</refname> + <refpurpose>Grants access privileges to a user, a group, or all users</refpurpose> </refnamediv> - <refsynopsisdiv> - <refsynopsisdivinfo> - <date>1999-07-20</date> - </refsynopsisdivinfo> - <synopsis> -GRANT <replaceable class="PARAMETER">privilege</replaceable> [, ...] ON <replaceable class="PARAMETER">object</replaceable> [, ...] - TO { PUBLIC | GROUP <replaceable class="PARAMETER">group</replaceable> | <replaceable class="PARAMETER">username</replaceable> } - </synopsis> - - <refsect2 id="R2-SQL-GRANT-1"> - <refsect2info> - <date>1998-09-23</date> - </refsect2info> - <title> - Inputs - </title> - <para> - - <variablelist> - <varlistentry> - <term><replaceable class="PARAMETER">privilege</replaceable></term> - <listitem> - <para> - The possible privileges are: - - <variablelist> - <varlistentry> - <term>SELECT</term> - <listitem> - <para> - Access all of the columns of a specific - table/view. - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term>INSERT</term> - <listitem> - <para> - Insert data into all columns of a - specific table. - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term>UPDATE</term> - <listitem> - <para> - Update all columns of a specific - table. - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term>DELETE</term> - <listitem> - <para> - Delete rows from a specific table. 
- </para> - </listitem> - </varlistentry> - - <varlistentry> - <term>RULE</term> - <listitem> - <para> - Define rules on the table/view - (See CREATE RULE statement). - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term>ALL</term> - <listitem> - <para> - Grant all privileges. - </para> - </listitem> - </varlistentry> - </variablelist> - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term><replaceable class="PARAMETER">object</replaceable></term> - <listitem> - <para> - The name of an object to which to grant access. - The possible objects are: - - <itemizedlist spacing="compact" mark="bullet"> - <listitem> - <para> - table - </para> - </listitem> - - <listitem> - <para> - view - </para> - </listitem> - - <listitem> - <para> - sequence - </para> - </listitem> - - </itemizedlist> - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term>PUBLIC</term> - <listitem> - <para> - A short form representing all users. - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term>GROUP <replaceable class="PARAMETER">group</replaceable></term> - <listitem> - <para> - A <replaceable class="PARAMETER">group</replaceable> to whom to grant privileges. - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term> - <replaceable class="PARAMETER">username</replaceable> - </term> - <listitem> - <para> - The name of a user to whom to grant privileges. PUBLIC is a short form - representing all users. - </para> - </listitem> - </varlistentry> - </variablelist> - </para> - </refsect2> - - <refsect2 id="R2-SQL-GRANT-2"> - <refsect2info> - <date>1998-09-23</date> - </refsect2info> - <title> - Outputs - </title> - <para> - <variablelist> - <varlistentry> - <term><computeroutput> -CHANGE - </computeroutput></term> - <listitem> - <para> - Message returned if successful. 
- </para> - </listitem> - </varlistentry> - - <varlistentry> - <term><computeroutput> -ERROR: ChangeAcl: class "<replaceable class="PARAMETER">object</replaceable>" not found - </computeroutput></term> - <listitem> - <para> - Message returned if the specified object is not available or - if it is impossible - to give privileges to the specified group or users. - </para> - </listitem> - </varlistentry> - </variablelist> - </para> - </refsect2> + <refsynopsisdiv> +<synopsis> +GRANT { { SELECT | INSERT | UPDATE | DELETE | RULE | REFERENCES | TRIGGER } [,...] | ALL [ PRIVILEGES ] } + ON [ TABLE ] <replaceable class="PARAMETER">objectname</replaceable> [, ...] + TO { <replaceable class="PARAMETER">username</replaceable> | GROUP <replaceable class="PARAMETER">groupname</replaceable> | PUBLIC } +</synopsis> </refsynopsisdiv> - <refsect1 id="R1-SQL-GRANT-1"> - <refsect1info> - <date>1998-09-23</date> - </refsect1info> - <title> - Description - </title> + <refsect1 id="sql-grant-description"> + <title>Description</title> + + <para> + The <command>GRANT</command> command gives specific permissions on + an object (table, view, sequence) to a user or a group of users. + The special key word <literal>PUBLIC</literal> indicates that the + privileges are to be granted to all users, including those that may + be created later. + </para> <para> - <command>GRANT</command> allows the creator of an object to give specific permissions to - all users (PUBLIC) or to a certain user or group. - Users other than the creator don't have any access permission - unless the creator GRANTs permissions, after the object - is created. + Users other than the creator do not have any access privileges + unless the creator grants permissions, after the object is created. + There is no need to grant privileges to the creator of an object, + as the creator automatically holds all privileges, and can also + drop the object. 
</para> <para> - Once a user has a privilege on an object, he is enabled to exercise - that privilege. - There is no need to GRANT privileges to the creator of - an object, the creator automatically holds ALL privileges, and can - also drop the object. + The possible privileges are: + + <variablelist> + <varlistentry> + <term>SELECT</term> + <listitem> + <para> + Allows <xref linkend="sql-select"> from any column of the + specified table, view, or sequence. Also allows the use of + <xref linkend="sql-copy"> FROM. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>INSERT</term> + <listitem> + <para> + Allows <xref linkend="sql-insert"> of a new row into the + specified table. Also allows <xref linkend="sql-copy"> TO. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>UPDATE</term> + <listitem> + <para> + Allows <xref linkend="sql-update"> of any column of the + specified table. <literal>SELECT ... FOR UPDATE</literal> + also requires this privilege (besides the + <literal>SELECT</literal> privilege). For sequences, this + privilege allows the use of <function>currval</function> and + <function>nextval</function>. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>DELETE</term> + <listitem> + <para> + Allows the <xref linkend="sql-delete"> of a row from the + specified table. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>RULE</term> + <listitem> + <para> + Allows the creation of a rule on the table/view. (See <xref + linkend="sql-createrule"> statement). + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>REFERENCES</term> + <listitem> + <para> + To create of a table with a foreign key constraint, it is + necessary to have this privilege on the table with the primary + key. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>TRIGGER</term> + <listitem> + <para> + Allows the creation of a trigger on the specified table. 
(See + <xref linkend="sql-createtrigger"> statement). + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>ALL PRIVILEGES</term> + <listitem> + <para> + Grant all of the above privileges at once. The + <literal>PRIVILEGES</literal> key word is optional, but it is + required by strict SQL. + </para> + </listitem> + </varlistentry> + </variablelist> + + The privileges required by other commands are listed on the + reference page of the respective command. </para> + </refsect1> + - <refsect2 id="R2-SQL-GRANT-3"> - <refsect2info> - <date>1998-09-23</date> - </refsect2info> - <title> - Notes - </title> + <refsect1 id="SQL-GRANT-notes"> + <title>Notes</title> <para> Currently, to grant privileges in <productname>Postgres</productname> to only a few columns, you must - create a view having desired columns and then grant privileges + create a view having the desired columns and then grant privileges to that view. </para> <para> - Use <command>psql \z</command> - for further information about permissions + Use <xref linkend="app-psql">'s <command>\z</command> command + to obtain information about privileges on existing objects: - <programlisting> - Database = lusitania +<programlisting> + Database = lusitania +------------------+---------------------------------------------+ | Relation | Grant/Revoke Permissions | +------------------+---------------------------------------------+ - | mytable | {"=rw","miriam=arwR","group todos=rw"} | + | mytable | {"=rw","miriam=arwdRxt","group todos=rw"} | +------------------+---------------------------------------------+ Legend: uname=arwR -- privileges granted to a user - group gname=arwR -- privileges granted to a GROUP + group gname=arwR -- privileges granted to a group =arwR -- privileges granted to PUBLIC - r -- SELECT - w -- UPDATE/DELETE - a -- INSERT + r -- SELECT ("read") + w -- UPDATE ("write") + a -- INSERT ("append") + d -- DELETE R -- RULE - arwR -- ALL - </programlisting> - + x -- REFERENCES + t -- TRIGGER + 
arwdRxt -- ALL PRIVILEGES +</programlisting> </para> <para> - Refer to REVOKE statements to revoke access privileges. + The <xref linkend="sql-revoke"> command is used to revoke access + privileges. </para> - </refsect2> </refsect1> - <refsect1 id="R1-SQL-GRANT-2"> - <title> - Usage - </title> + <refsect1 id="sql-grant-examples"> + <title>Examples</title> + <para> Grant insert privilege to all users on table films: - <programlisting> +<programlisting> GRANT INSERT ON films TO PUBLIC; - </programlisting> +</programlisting> </para> <para> Grant all privileges to user manuel on view kinds: - <programlisting> -GRANT ALL ON kinds TO manuel; - </programlisting> +<programlisting> +GRANT ALL PRIVILEGES ON kinds TO manuel; +</programlisting> </para> </refsect1> - <refsect1 id="R1-SQL-GRANT-3"> - <title> - Compatibility - </title> + <refsect1 id="sql-grant-compatibility"> + <title>Compatibility</title> - <refsect2 id="R2-SQL-GRANT-4"> - <refsect2info> - <date>1998-09-23</date> - </refsect2info> - <title> - SQL92 - </title> + <refsect2> + <title>SQL92</title> + <para> - The <acronym>SQL92</acronym> syntax for GRANT allows setting privileges - for individual columns - within a table, and allows setting a privilege to grant - the same privileges to others: + The <literal>PRIVILEGES</literal> key word in <literal>ALL + PRIVILEGES</literal> is required. <acronym>SQL</acronym> does not + support setting the privileges on more than one table per command. + </para> + + <para> + The <acronym>SQL92</acronym> syntax for GRANT allows setting + privileges for individual columns within a table, and allows + setting a privilege to grant the same privileges to others: - <synopsis> +<synopsis> GRANT <replaceable class="PARAMETER">privilege</replaceable> [, ...] ON <replaceable class="PARAMETER">object</replaceable> [ ( <replaceable class="PARAMETER">column</replaceable> [, ...] ) ] [, ...] TO { PUBLIC | <replaceable class="PARAMETER">username</replaceable> [, ...] 
} [ WITH GRANT OPTION ] - </synopsis> +</synopsis> + </para> + + <para> + <acronym>SQL</acronym> allows to grant the USAGE privilege on + other kinds of objects: CHARACTER SET, COLLATION, TRANSLATION, DOMAIN. </para> <para> - Fields are compatible with those in the <acronym>Postgres</acronym> - implementation, with the following additions: - - <variablelist> - <varlistentry> - <term><replaceable class="PARAMETER">privilege</replaceable></term> - <listitem> - <para> - <acronym>SQL92</acronym> permits additional privileges to be specified: - - <variablelist> - <varlistentry> - <term>SELECT</term> - <listitem> - <para> - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term>REFERENCES</term> - <listitem> - <para> - Allowed to reference some or all of the columns of a specific - table/view in integrity constraints. - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term>USAGE</term> - <listitem> - <para> - Allowed to use a domain, character set, collation - or translation. - If an object specifies anything other than a table/view, - <replaceable class="PARAMETER">privilege</replaceable> - must specify only USAGE. - </para> - </listitem> - </varlistentry> - </variablelist> - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term><replaceable class="PARAMETER">object</replaceable></term> - <listitem> - <para> - - <variablelist> - <varlistentry> - <term>[ TABLE ] <replaceable class="PARAMETER">table</replaceable></term> - <listitem> - <para> - <acronym>SQL92</acronym> allows the additional - non-functional keyword <literal>TABLE</literal>. - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term>CHARACTER SET</term> - <listitem> - <para> - Allowed to use the specified character set. - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term>COLLATION</term> - <listitem> - <para> - Allowed to use the specified collation sequence. 
- </para> - </listitem> - </varlistentry> - - <varlistentry> - <term>TRANSLATION</term> - <listitem> - <para> - Allowed to use the specified character set translation. - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term>DOMAIN</term> - <listitem> - <para> - Allowed to use the specified domain. - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term>WITH GRANT OPTION</term> - <listitem> - <para> - Allowed to grant the same privilege to others. - </para> - </listitem> - </varlistentry> - </variablelist> - </para> - </listitem> - </varlistentry> - </variablelist> + The TRIGGER privilege was introduced in SQL99. The RULE privilege + is a PostgreSQL extension. </para> </refsect2> + + </refsect1> + + + <refsect1> + <title>See Also</title> + + <simpara> + <xref linkend="sql-revoke"> + </simpara> </refsect1> + </refentry> <!-- Keep this comment at the end of the file diff --git a/doc/src/sgml/ref/insert.sgml b/doc/src/sgml/ref/insert.sgml index dc6fb14da83..f6ab93f9f59 100644 --- a/doc/src/sgml/ref/insert.sgml +++ b/doc/src/sgml/ref/insert.sgml @@ -1,13 +1,11 @@ <!-- -$Header: /cvsroot/pgsql/doc/src/sgml/ref/insert.sgml,v 1.13 2001/01/13 23:58:55 petere Exp $ +$Header: /cvsroot/pgsql/doc/src/sgml/ref/insert.sgml,v 1.14 2001/05/27 09:59:28 petere Exp $ Postgres documentation --> <refentry id="SQL-INSERT"> <refmeta> - <refentrytitle id="SQL-INSERT-TITLE"> - INSERT - </refentrytitle> + <refentrytitle id="SQL-INSERT-TITLE">INSERT</refentrytitle> <refmiscinfo>SQL - Language Statements</refmiscinfo> </refmeta> <refnamediv> diff --git a/doc/src/sgml/ref/psql-ref.sgml b/doc/src/sgml/ref/psql-ref.sgml index 3a1c8ab0e07..ac58fdb3843 100644 --- a/doc/src/sgml/ref/psql-ref.sgml +++ b/doc/src/sgml/ref/psql-ref.sgml @@ -1,5 +1,5 @@ <!-- -$Header: /cvsroot/pgsql/doc/src/sgml/ref/psql-ref.sgml,v 1.53 2001/05/17 21:50:18 petere Exp $ +$Header: /cvsroot/pgsql/doc/src/sgml/ref/psql-ref.sgml,v 1.54 2001/05/27 09:59:28 petere Exp $ Postgres documentation --> 
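Review bot: The COPY directions in the new SELECT and INSERT entries of grant.sgml look swapped: SELECT is documented as allowing `COPY FROM` and INSERT as allowing `COPY TO`, whereas the commit message says COPY FROM requires INSERT. COPY FROM writes rows into the table and COPY TO reads them out, so the entries should read `Also allows the use of <xref linkend="sql-copy"> TO.` under SELECT and `Also allows <xref linkend="sql-copy"> FROM.` under INSERT. As written, an administrator relying on this page could misjudge which grant permits bulk export and which permits bulk load. In the same hunk the `\z` legend lines still show `uname=arwR` although the sample row now prints `arwdRxt`, and the REFERENCES entry reads "To create of a table" where "To create a table" is meant.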
@@ -1187,8 +1187,8 @@ Access permissions for database "test" </para> <para> - The commands <xref linkend="SQL-GRANT" endterm="SQL-GRANT-title"> and - <xref linkend="SQL-REVOKE" endterm="SQL-REVOKE-title"> + The commands <xref linkend="SQL-GRANT"> and + <xref linkend="SQL-REVOKE"> are used to set access permissions. </para> diff --git a/doc/src/sgml/ref/revoke.sgml b/doc/src/sgml/ref/revoke.sgml index d7e83c822d9..a9988fbc1ea 100644 --- a/doc/src/sgml/ref/revoke.sgml +++ b/doc/src/sgml/ref/revoke.sgml 
@@ -1,379 +1,96 @@ <!-- -$Header: /cvsroot/pgsql/doc/src/sgml/ref/revoke.sgml,v 1.13 2000/12/25 23:15:26 petere Exp $ +$Header: /cvsroot/pgsql/doc/src/sgml/ref/revoke.sgml,v 1.14 2001/05/27 09:59:28 petere Exp $ Postgres documentation --> <refentry id="SQL-REVOKE"> <refmeta> - <refentrytitle id="SQL-REVOKE-TITLE"> - REVOKE - </refentrytitle> + <refentrytitle>REVOKE</refentrytitle> <refmiscinfo>SQL - Language Statements</refmiscinfo> </refmeta> + <refnamediv> - <refname> - REVOKE - </refname> - <refpurpose> - Revokes access privilege from a user, a group or all users. - </refpurpose> + <refname>REVOKE</refname> + <refpurpose>Revokes access privilege from a user, a group, or all users.</refpurpose> </refnamediv> - <refsynopsisdiv> - <refsynopsisdivinfo> - <date>1999-07-20</date> - </refsynopsisdivinfo> - <synopsis> -REVOKE <replaceable class="PARAMETER">privilege</replaceable> [, ...] - ON <replaceable class="PARAMETER">object</replaceable> [, ...] - FROM { PUBLIC | GROUP <replaceable class="PARAMETER">groupname</replaceable> | <replaceable class="PARAMETER">username</replaceable> } - </synopsis> - - <refsect2 id="R2-SQL-REVOKE-1"> - <refsect2info> - <date>1998-09-24</date> - </refsect2info> - <title> - Inputs - </title> - <para> - - <variablelist> - <varlistentry> - <term><replaceable class="PARAMETER">privilege</replaceable></term> - <listitem> - <para> - The possible privileges are: - - <variablelist> - <varlistentry> - <term>SELECT</term> - <listitem> - <para> - Privilege to access all of the columns of a specific - table/view. - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term>INSERT</term> - <listitem> - <para> - Privilege to insert data into all columns of a - specific table. - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term>UPDATE</term> - <listitem> - <para> - Privilege to update all columns of a specific - table. 
- </para> - </listitem> - </varlistentry> - - <varlistentry> - <term>DELETE</term> - <listitem> - <para> - Privilege to delete rows from a specific table. - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term>RULE</term> - <listitem> - <para> - Privilege to define rules on table/view. - (See - <xref linkend="sql-createrule" endterm="sql-createrule-title">). - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term>ALL</term> - <listitem> - <para> - Rescind all privileges. - </para> - </listitem> - </varlistentry> - </variablelist> - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term><replaceable class="PARAMETER">object</replaceable></term> - <listitem> - <para> - The name of an object from which to revoke access. - - The possible objects are: - <itemizedlist spacing="compact" mark="bullet"> - <listitem> - <para> - table - </para> - </listitem> - <listitem> - <para> - view - </para> - </listitem> - - <listitem> - <para> - sequence - </para> - </listitem> - - </itemizedlist> - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term><replaceable class="PARAMETER">group</replaceable></term> - <listitem> - <para> - The name of a group from whom to revoke privileges. - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term><replaceable class="PARAMETER">username</replaceable></term> - <listitem> - <para> - The name of a user from whom revoke privileges. Use the PUBLIC keyword - to specify all users. - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term>PUBLIC</term> - <listitem> - <para> - Rescind the specified privilege(s) for all users. 
- </para> - </listitem> - </varlistentry> - </variablelist> - </para> - </refsect2> - - <refsect2 id="R2-SQL-REVOKE-2"> - <refsect2info> - <date>1998-09-24</date> - </refsect2info> - <title> - Outputs - </title> - <para> - - <variablelist> - <varlistentry> - <term><computeroutput> -CHANGE - </computeroutput></term> - <listitem> - <para> - Message returned if successfully. - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term><computeroutput> -ERROR - </computeroutput></term> - <listitem> - <para> - Message returned if object is not available or impossible - to revoke privileges from a group or users. - </para> - </listitem> - </varlistentry> - </variablelist> - </para> - </refsect2> + <refsynopsisdiv> +<synopsis> +REVOKE { { SELECT | INSERT | UPDATE | DELETE | RULE | REFERENCES | TRIGGER } [,...] | ALL [ PRIVILEGES ] } + ON [ TABLE ] <replaceable class="PARAMETER">object</replaceable> [, ...] + FROM { <replaceable class="PARAMETER">username</replaceable> | GROUP <replaceable class="PARAMETER">groupname</replaceable> | PUBLIC } +</synopsis> </refsynopsisdiv> - <refsect1 id="R1-SQL-REVOKE-1"> - <refsect1info> - <date>1998-09-24</date> - </refsect1info> - <title> - Description - </title> + <refsect1 id="SQL-REVOKE-description"> + <title>Description</title> + <para> - <command>REVOKE</command> allows creator of an object to revoke permissions granted - before, from all users (via PUBLIC) or a certain user or group. + <command>REVOKE</command> allows the creator of an object to revoke + permissions granted before, from a users or a group of users. The + key word <literal>PUBLIC</literal> means to revoke this privilege + from all users. 
</para> - <refsect2 id="R2-SQL-REVOKE-3"> - <refsect2info> - <date>1998-09-24</date> - </refsect2info> - <title> - Notes - </title> - <para> - Refer to psql \z command for further information about permissions - on existing objects: - - <programlisting> -Database = lusitania -+------------------+---------------------------------------------+ -| Relation | Grant/Revoke Permissions | -+------------------+---------------------------------------------+ -| mytable | {"=rw","miriam=arwR","group todos=rw"} | -+------------------+---------------------------------------------+ -Legend: - uname=arwR -- privileges granted to a user - group gname=arwR -- privileges granted to a GROUP - =arwR -- privileges granted to PUBLIC - - r -- SELECT - w -- UPDATE/DELETE - a -- INSERT - R -- RULE - arwR -- ALL - </programlisting> - </para> - <tip> - <para> - Currently, to create a GROUP you have to insert - data manually into table pg_group as: + <para> + See the description of the <xref linkend="sql-grant"> command for + the meaning of the privilege types. + </para> + </refsect1> - <programlisting> -INSERT INTO pg_group VALUES ('todos'); -CREATE USER miriam IN GROUP todos; - </programlisting> - </para> - </tip> + <refsect1 id="SQL-REVOKE-notes"> + <title>Notes</title> - </refsect2> + <para> + Use <xref linkend="app-psql">'s <command>\z</command> command to + display the privileges granted on existing objects. See also <xref + linkend="sql-grant"> for information about the format. 
+ </para> </refsect1> - <refsect1 id="R1-SQL-REVOKE-2"> - <title> - Usage - </title> + <refsect1 id="SQL-REVOKE-examples"> + <title>Examples</title> + <para> Revoke insert privilege from all users on table <literal>films</literal>: - <programlisting> +<programlisting> REVOKE INSERT ON films FROM PUBLIC; - </programlisting> +</programlisting> </para> <para> Revoke all privileges from user <literal>manuel</literal> on view <literal>kinds</literal>: - <programlisting> -REVOKE ALL ON kinds FROM manuel; - </programlisting> +<programlisting> +REVOKE ALL PRIVILEGES ON kinds FROM manuel; +</programlisting> </para> </refsect1> - <refsect1 id="R1-SQL-REVOKE-3"> - <title> - Compatibility - </title> + <refsect1 id="SQL-REVOKE-compatibility"> + <title>Compatibility</title> - <refsect2 id="R2-SQL-REVOKE-4"> - <refsect2info> - <date>1998-09-01</date> - </refsect2info> - <title> - SQL92 - </title> + <refsect2> + <title>SQL92</title> <para> - The SQL92 syntax for <command>REVOKE</command> - has additional capabilities for rescinding - privileges, including those on individual columns in tables: - - <variablelist> - <varlistentry> - <term> - <synopsis> -REVOKE { SELECT | DELETE | USAGE | ALL PRIVILEGES } [, ...] - ON <replaceable class="parameter">object</replaceable> - FROM { PUBLIC | <replaceable class="parameter">username</replaceable> [, ...] } { RESTRICT | CASCADE } -REVOKE { INSERT | UPDATE | REFERENCES } [, ...] [ ( <replaceable class="parameter">column</replaceable> [, ...] ) ] - ON <replaceable class="parameter">object</replaceable> - FROM { PUBLIC | <replaceable class="parameter">username</replaceable> [, ...] } { RESTRICT | CASCADE } - </synopsis> - </term> - <listitem> - <para> - Refer to - <xref linkend="sql-grant" endterm="sql-grant-title"> - for details on individual fields. - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term> - <synopsis> -REVOKE GRANT OPTION FOR <replaceable class="parameter">privilege</replaceable> [, ...] 
- ON <replaceable class="parameter">object</replaceable> - FROM { PUBLIC | <replaceable class="parameter">username</replaceable> [, ...] } { RESTRICT | CASCADE } - </synopsis> - </term> - <listitem> - <para> - Rescinds authority for a user to grant the specified privilege - to others. - Refer to - <xref linkend="sql-grant" endterm="sql-grant-title"> - for details on individual fields. - </para> - </listitem> - </varlistentry> - </variablelist> - </para> - - <para> - The possible objects are: - <simplelist> - <member> - [ TABLE ] table/view - </member> - <member> - CHARACTER SET character-set - </member> - <member> - COLLATION collation - </member> - <member> - TRANSLATION translation - </member> - <member> - DOMAIN domain - </member> - </simplelist> + The compatibility notes of the <xref linkend="sql-grant"> command + apply analogously to <command>REVOKE</command>. The syntax summary is: + +<synopsis> +REVOKE [ GRANT OPTION FOR ] { SELECT | INSERT | UPDATE | DELETE | REFERENCES } + ON <replaceable class="parameter">object</replaceable> [ ( <replaceable class="parameter">column</replaceable> [, ...] ) ] + FROM { PUBLIC | <replaceable class="parameter">username</replaceable> [, ...] } + { RESTRICT | CASCADE } +</synopsis> </para> <para> If user1 gives a privilege WITH GRANT OPTION to user2, and user2 gives it to user3 then user1 can revoke this privilege in cascade using the CASCADE keyword. - </para> - - <para> If user1 gives a privilege WITH GRANT OPTION to user2, and user2 gives it to user3, then if user1 tries to revoke this privilege it fails if he specify the RESTRICT @@ -381,6 +98,15 @@ REVOKE GRANT OPTION FOR <replaceable class="parameter">privilege</replaceable> [ </para> </refsect2> </refsect1> + + <refsect1> + <title>See Also</title> + + <simpara> + <xref linkend="sql-grant"> + </simpara> + </refsect1> + </refentry> <!-- Keep this comment at the end of the file 
diff --git a/doc/src/sgml/ref/select.sgml b/doc/src/sgml/ref/select.sgml index d9311c95a07..1106798d4a2 100644 --- a/doc/src/sgml/ref/select.sgml +++ b/doc/src/sgml/ref/select.sgml @@ -1,13 +1,11 @@ <!-- -$Header: /cvsroot/pgsql/doc/src/sgml/ref/select.sgml,v 1.40 2001/03/24 23:03:26 petere Exp $ +$Header: /cvsroot/pgsql/doc/src/sgml/ref/select.sgml,v 1.41 2001/05/27 09:59:28 petere Exp $ Postgres documentation --> <refentry id="SQL-SELECT"> <refmeta> - <refentrytitle id="sql-select-title"> - SELECT - </refentrytitle> + <refentrytitle id="sql-select-title">SELECT</refentrytitle> <refmiscinfo>SQL - Language Statements</refmiscinfo> </refmeta> <refnamediv> diff --git a/doc/src/sgml/ref/update.sgml b/doc/src/sgml/ref/update.sgml index 58966c9b4ab..f47b2663ac3 100644 --- a/doc/src/sgml/ref/update.sgml +++ b/doc/src/sgml/ref/update.sgml @@ -1,13 +1,11 @@ <!-- -$Header: /cvsroot/pgsql/doc/src/sgml/ref/update.sgml,v 1.14 2001/01/13 23:58:55 petere Exp $ +$Header: /cvsroot/pgsql/doc/src/sgml/ref/update.sgml,v 1.15 2001/05/27 09:59:28 petere Exp $ Postgres documentation --> <refentry id="SQL-UPDATE"> <refmeta> - <refentrytitle id="SQL-UPDATE-TITLE"> - UPDATE - </refentrytitle> + <refentrytitle id="SQL-UPDATE-TITLE">UPDATE</refentrytitle> <refmiscinfo>SQL - Language Statements</refmiscinfo> </refmeta> <refnamediv> |
