<!--
-$PostgreSQL: pgsql/doc/src/sgml/ref/dropuser.sgml,v 1.32 2005/05/29 03:32:18 momjian Exp $
+$PostgreSQL: pgsql/doc/src/sgml/ref/dropuser.sgml,v 1.33 2005/08/15 02:40:20 tgl Exp $
PostgreSQL documentation
-->
<para>
<application>dropuser</application> removes an existing
- <productname>PostgreSQL</productname> user
- <emphasis>and</emphasis> the databases which that user owned.
- Only superusers (users with <literal>usesuper</literal> set in
- the <literal>pg_shadow</literal> table) can destroy
- <productname>PostgreSQL</productname> users.
+ <productname>PostgreSQL</productname> user.
+ Only superusers and users with the <literal>CREATEROLE</> privilege can
+ remove <productname>PostgreSQL</productname> users. (To remove a
+ superuser, you must yourself be a superuser.)
</para>
<para>
<application>dropuser</application> is a wrapper around the
- <acronym>SQL</acronym> command <xref linkend="SQL-DROPUSER"
- endterm="SQL-DROPUSER-title">.
+ <acronym>SQL</acronym> command <xref linkend="SQL-DROPROLE"
+ endterm="SQL-DROPROLE-title">.
There is no effective difference between dropping users via
this utility and via other methods for accessing the server.
</para>
<term><replaceable class="parameter">username</replaceable></term>
<listitem>
<para>
- Specifies the name of the <productname>PostgreSQL</productname> user to be removed.
- You will be prompted for a name if none is specified on the command line.
+
Specifies the name of the <productname>PostgreSQL</productname> user to be removed.
+ You will be prompted for a name if none is specified on the command line.
</para>
</listitem>
</varlistentry>
<listitem>
<para>
Echo the commands that <application>dropuser</application> generates
- and sends to the server.
+ and sends to the server.
</para>
</listitem>
</varlistentry>
<term><option>--host <replaceable class="parameter">host</replaceable></></term>
<listitem>
<para>
- Specifies the host name of the machine on which the
- server
- is running. If the value begins with a slash, it is used
- as the directory for the Unix domain socket.
+ Specifies the host name of the machine on which the
+ server
+ is running. If the value begins with a slash, it is used
+ as the directory for the Unix domain socket.
</para>
</listitem>
</varlistentry>
<term><option>--port <replaceable class="parameter">port</replaceable></></term>
<listitem>
<para>
- Specifies the TCP port or local Unix domain socket file
- extension on which the server
- is listening for connections.
+ Specifies the TCP port or local Unix domain socket file
+ extension on which the server
+ is listening for connections.
</para>
</listitem>
</varlistentry>
<title>Diagnostics</title>
<para>
- In case of difficulty, see <xref linkend="SQL-DROPUSER"
- endterm="sql-dropuser-title"> and <xref linkend="APP-PSQL"> for
+ In case of difficulty, see <xref linkend="SQL-DROPROLE"
+ endterm="sql-droprole-title"> and <xref linkend="APP-PSQL"> for
discussions of potential problems and error messages.
The database server must be running at the
targeted host. Also, any default connection settings and environment
server:
<screen>
<prompt>$ </prompt><userinput>dropuser joe</userinput>
-<computeroutput>DROP USER</computeroutput>
+<computeroutput>DROP ROLE</computeroutput>
</screen>
</para>
command:
<screen>
<prompt>$ </prompt><userinput>dropuser -p 5000 -h eden -i -e joe</userinput>
-<computeroutput>User "joe" and any owned databases will be permanently deleted.
+<computeroutput>Role "joe" will be permanently removed.
Are you sure? (y/n) </computeroutput><userinput>y</userinput>
-<computeroutput>DROP USER "joe"
-DROP USER</computeroutput>
+<computeroutput>DROP ROLE "joe"
+DROP ROLE</computeroutput>
</screen>
</para>
</refsect1>
<simplelist type="inline">
<member><xref linkend="app-createuser"></member>
- <member><xref linkend="sql-dropuser" endterm="sql-dropuser-title"></member>
+ <member><xref linkend="sql-droprole" endterm="sql-droprole-title"></member>
<member>Environment Variables (<xref linkend="libpq-envars">)</member>
</simplelist>
</refsect1>
<!--
-$PostgreSQL: pgsql/doc/src/sgml/ref/reindex.sgml,v 1.27 2005/06/22 21:14:28 tgl Exp $
+$PostgreSQL: pgsql/doc/src/sgml/ref/reindex.sgml,v 1.28 2005/08/15 02:40:20 tgl Exp $
PostgreSQL documentation
-->
<para>
If corruption is suspected in the indexes of any of the shared
- system catalogs (<structname>pg_database</structname>,
- <structname>pg_group</structname>,
- <structname>pg_shadow</structname>, or
+ system catalogs (<structname>pg_authid</structname>,
+ <structname>pg_auth_members</structname>,
+ <structname>pg_database</structname>,
+ <structname>pg_shdepend</structname>, or
<structname>pg_tablespace</structname>), then a standalone server
must be used to repair it. <command>REINDEX</> will not process
shared catalogs in multiuser mode.
<!--
-$PostgreSQL: pgsql/doc/src/sgml/xaggr.sgml,v 1.28 2005/03/30 02:08:39 neilc Exp $
+$PostgreSQL: pgsql/doc/src/sgml/xaggr.sgml,v 1.29 2005/08/15 02:40:23 tgl Exp $
-->
<sect1 id="xaggr">
<programlisting>
SELECT attrelid::regclass, array_accum(attname)
FROM pg_attribute
- WHERE attnum > 0 AND attrelid = 'pg_user'::regclass
+ WHERE attnum > 0 AND attrelid = 'pg_tablespace'::regclass
GROUP BY attrelid;
- attrelid | array_accum
-----------+-----------------------------------------------------------------------------
- pg_user | {usename,usesysid,usecreatedb,usesuper,usecatupd,passwd,valuntil,useconfig}
+ attrelid | array_accum
+---------------+---------------------------------------
+ pg_tablespace | {spcname,spcowner,spclocation,spcacl}
(1 row)
SELECT attrelid::regclass, array_accum(atttypid)
FROM pg_attribute
- WHERE attnum > 0 AND attrelid = 'pg_user'::regclass
+ WHERE attnum > 0 AND attrelid = 'pg_tablespace'::regclass
GROUP BY attrelid;
- attrelid | array_accum
-----------+------------------------------
- pg_user | {19,23,16,16,16,25,702,1009}
+ attrelid | array_accum
+---------------+-----------------
+ pg_tablespace | {19,26,25,1034}
(1 row)
</programlisting>
</para>
* Portions Copyright (c) 1996-2005, PostgreSQL Global Development Group
* Portions Copyright (c) 1994, Regents of the University of California
*
- * $PostgreSQL: pgsql/src/backend/libpq/crypt.c,v 1.64 2005/06/29 22:51:54 tgl Exp $
+ * $PostgreSQL: pgsql/src/backend/libpq/crypt.c,v 1.65 2005/08/15 02:40:25 tgl Exp $
*
*-------------------------------------------------------------------------
*/
if (shadow_pass == NULL || *shadow_pass == '\0')
return STATUS_ERROR;
- /* We can't do crypt with pg_shadow MD5 passwords */
+ /* We can't do crypt with MD5 passwords */
if (isMD5(shadow_pass) && port->auth_method == uaCrypt)
{
ereport(LOG,
crypt_pwd = palloc(MD5_PASSWD_LEN + 1);
if (isMD5(shadow_pass))
{
- /* pg_shadow already encrypted, only do salt */
+ /* stored password already encrypted, only do salt */
if (!EncryptMD5(shadow_pass + strlen("md5"),
(char *) port->md5Salt,
sizeof(port->md5Salt), crypt_pwd))
}
else
{
- /* pg_shadow plain, double-encrypt */
+ /* stored password is plain, double-encrypt */
char *crypt_pwd2 = palloc(MD5_PASSWD_LEN + 1);
if (!EncryptMD5(shadow_pass,
default:
if (isMD5(shadow_pass))
{
- /*
- * Encrypt user-supplied password to match MD5 in
- * pg_shadow
- */
+ /* Encrypt user-supplied password to match stored MD5 */
crypt_client_pass = palloc(MD5_PASSWD_LEN + 1);
if (!EncryptMD5(client_pass,
port->user_name,
# "host" is either a plain or SSL-encrypted TCP/IP socket, "hostssl" is an
# SSL-encrypted TCP/IP socket, and "hostnossl" is a plain TCP/IP socket.
#
-# DATABASE can be "all", "sameuser", "samegroup", a database name, or
+# DATABASE can be "all", "sameuser", "samerole", a database name, or
# a comma-separated list thereof.
#
# USER can be "all", a user name, a group name prefixed with "+", or
#
# Database and user names containing spaces, commas, quotes and other special
# characters must be quoted. Quoting one of the keywords "all", "sameuser" or
-# "samegroup" makes the name lose its special character, and just match a
+# "samerole" makes the name lose its special character, and just match a
# database or username with that name.
#
# This file is read on server startup and when the postmaster receives
*
* All code should use either of these two functions to find out
* whether a given user is a superuser, rather than examining
- * pg_shadow.usesuper directly, so that the escape hatch built in for
+ * pg_authid.rolsuper directly, so that the escape hatch built in for
* the single-user case works.
*
*
*
*
* IDENTIFICATION
- * $PostgreSQL: pgsql/src/backend/utils/misc/superuser.c,v 1.32 2005/06/28 05:09:02 tgl Exp $
+ * $PostgreSQL: pgsql/src/backend/utils/misc/superuser.c,v 1.33 2005/08/15 02:40:26 tgl Exp $
*
*-------------------------------------------------------------------------
*/
* Portions Copyright (c) 1996-2005, PostgreSQL Global Development Group
* Portions Copyright (c) 1994, Regents of the University of California
*
- * $PostgreSQL: pgsql/src/bin/scripts/dropuser.c,v 1.14 2005/06/21 04:02:33 tgl Exp $
+ * $PostgreSQL: pgsql/src/bin/scripts/dropuser.c,v 1.15 2005/08/15 02:40:28 tgl Exp $
*
*-------------------------------------------------------------------------
*/
}
if (dropuser == NULL)
- dropuser = simple_prompt("Enter name of user to drop: ", 128, true);
+ dropuser = simple_prompt("Enter name of role to drop: ", 128, true);
if (interactive)
{
char *reply;
- printf(_("User \"%s\" will be permanently removed.\n"), dropuser);
+ printf(_("Role \"%s\" will be permanently removed.\n"), dropuser);
reply = simple_prompt("Are you sure? (y/n) ", 1, true);
if (check_yesno_response(reply) != 1)
exit(0);
}
initPQExpBuffer(&sql);
- appendPQExpBuffer(&sql, "DROP USER %s;\n", fmtId(dropuser));
+ appendPQExpBuffer(&sql, "DROP ROLE %s;\n", fmtId(dropuser));
conn = connectDatabase("postgres", host, port, username, password, progname);
if (PQresultStatus(result) != PGRES_COMMAND_OK)
{
- fprintf(stderr, _("%s: removal of user \"%s\" failed: %s"),
+ fprintf(stderr, _("%s: removal of role \"%s\" failed: %s"),
progname, dropuser, PQerrorMessage(conn));
PQfinish(conn);
exit(1);
PQfinish(conn);
if (!quiet)
{
- puts("DROP USER");
+ puts("DROP ROLE");
fflush(stdout);
}
exit(0);
t
(1 row)
-select has_table_privilege(t2.usesysid,'pg_authid','update')
-from (select usesysid from pg_user where usename = current_user) as t2;
+select has_table_privilege(t2.oid,'pg_authid','update')
+from (select oid from pg_roles where rolname = current_user) as t2;
has_table_privilege
---------------------
t
(1 row)
-select has_table_privilege(t2.usesysid,'pg_authid','delete')
-from (select usesysid from pg_user where usename = current_user) as t2;
+select has_table_privilege(t2.oid,'pg_authid','delete')
+from (select oid from pg_roles where rolname = current_user) as t2;
has_table_privilege
---------------------
t
t
(1 row)
-select has_table_privilege(t2.usesysid,t1.oid,'select')
+select has_table_privilege(t2.oid,t1.oid,'select')
from (select oid from pg_class where relname = 'pg_authid') as t1,
- (select usesysid from pg_user where usename = current_user) as t2;
+ (select oid from pg_roles where rolname = current_user) as t2;
has_table_privilege
---------------------
t
(1 row)
-select has_table_privilege(t2.usesysid,t1.oid,'insert')
+select has_table_privilege(t2.oid,t1.oid,'insert')
from (select oid from pg_class where relname = 'pg_authid') as t1,
- (select usesysid from pg_user where usename = current_user) as t2;
+ (select oid from pg_roles where rolname = current_user) as t2;
has_table_privilege
---------------------
t
f
(1 row)
-select has_table_privilege(t2.usesysid,'pg_class','update')
-from (select usesysid from pg_user where usename = current_user) as t2;
+select has_table_privilege(t2.oid,'pg_class','update')
+from (select oid from pg_roles where rolname = current_user) as t2;
has_table_privilege
---------------------
f
(1 row)
-select has_table_privilege(t2.usesysid,'pg_class','delete')
-from (select usesysid from pg_user where usename = current_user) as t2;
+select has_table_privilege(t2.oid,'pg_class','delete')
+from (select oid from pg_roles where rolname = current_user) as t2;
has_table_privilege
---------------------
f
f
(1 row)
-select has_table_privilege(t2.usesysid,t1.oid,'select')
+select has_table_privilege(t2.oid,t1.oid,'select')
from (select oid from pg_class where relname = 'pg_class') as t1,
- (select usesysid from pg_user where usename = current_user) as t2;
+ (select oid from pg_roles where rolname = current_user) as t2;
has_table_privilege
---------------------
t
(1 row)
-select has_table_privilege(t2.usesysid,t1.oid,'insert')
+select has_table_privilege(t2.oid,t1.oid,'insert')
from (select oid from pg_class where relname = 'pg_class') as t1,
- (select usesysid from pg_user where usename = current_user) as t2;
+ (select oid from pg_roles where rolname = current_user) as t2;
has_table_privilege
---------------------
f
f
(1 row)
-select has_table_privilege(t2.usesysid,'atest1','update')
-from (select usesysid from pg_user where usename = current_user) as t2;
+select has_table_privilege(t2.oid,'atest1','update')
+from (select oid from pg_roles where rolname = current_user) as t2;
has_table_privilege
---------------------
f
(1 row)
-select has_table_privilege(t2.usesysid,'atest1','delete')
-from (select usesysid from pg_user where usename = current_user) as t2;
+select has_table_privilege(t2.oid,'atest1','delete')
+from (select oid from pg_roles where rolname = current_user) as t2;
has_table_privilege
---------------------
f
f
(1 row)
-select has_table_privilege(t2.usesysid,t1.oid,'select')
+select has_table_privilege(t2.oid,t1.oid,'select')
from (select oid from pg_class where relname = 'atest1') as t1,
- (select usesysid from pg_user where usename = current_user) as t2;
+ (select oid from pg_roles where rolname = current_user) as t2;
has_table_privilege
---------------------
t
(1 row)
-select has_table_privilege(t2.usesysid,t1.oid,'insert')
+select has_table_privilege(t2.oid,t1.oid,'insert')
from (select oid from pg_class where relname = 'atest1') as t1,
- (select usesysid from pg_user where usename = current_user) as t2;
+ (select oid from pg_roles where rolname = current_user) as t2;
has_table_privilege
---------------------
f
select has_table_privilege(current_user,'pg_authid','select');
select has_table_privilege(current_user,'pg_authid','insert');
-select has_table_privilege(t2.usesysid,'pg_authid','update')
-from (select usesysid from pg_user where usename = current_user) as t2;
-select has_table_privilege(t2.usesysid,'pg_authid','delete')
-from (select usesysid from pg_user where usename = current_user) as t2;
+select has_table_privilege(t2.oid,'pg_authid','update')
+from (select oid from pg_roles where rolname = current_user) as t2;
+select has_table_privilege(t2.oid,'pg_authid','delete')
+from (select oid from pg_roles where rolname = current_user) as t2;
select has_table_privilege(current_user,t1.oid,'rule')
from (select oid from pg_class where relname = 'pg_authid') as t1;
select has_table_privilege(current_user,t1.oid,'references')
from (select oid from pg_class where relname = 'pg_authid') as t1;
-select has_table_privilege(t2.usesysid,t1.oid,'select')
+select has_table_privilege(t2.oid,t1.oid,'select')
from (select oid from pg_class where relname = 'pg_authid') as t1,
- (select usesysid from pg_user where usename = current_user) as t2;
-select has_table_privilege(t2.usesysid,t1.oid,'insert')
+ (select oid from pg_roles where rolname = current_user) as t2;
+select has_table_privilege(t2.oid,t1.oid,'insert')
from (select oid from pg_class where relname = 'pg_authid') as t1,
- (select usesysid from pg_user where usename = current_user) as t2;
+ (select oid from pg_roles where rolname = current_user) as t2;
select has_table_privilege('pg_authid','update');
select has_table_privilege('pg_authid','delete');
select has_table_privilege(current_user,'pg_class','select');
select has_table_privilege(current_user,'pg_class','insert');
-select has_table_privilege(t2.usesysid,'pg_class','update')
-from (select usesysid from pg_user where usename = current_user) as t2;
-select has_table_privilege(t2.usesysid,'pg_class','delete')
-from (select usesysid from pg_user where usename = current_user) as t2;
+select has_table_privilege(t2.oid,'pg_class','update')
+from (select oid from pg_roles where rolname = current_user) as t2;
+select has_table_privilege(t2.oid,'pg_class','delete')
+from (select oid from pg_roles where rolname = current_user) as t2;
select has_table_privilege(current_user,t1.oid,'rule')
from (select oid from pg_class where relname = 'pg_class') as t1;
select has_table_privilege(current_user,t1.oid,'references')
from (select oid from pg_class where relname = 'pg_class') as t1;
-select has_table_privilege(t2.usesysid,t1.oid,'select')
+select has_table_privilege(t2.oid,t1.oid,'select')
from (select oid from pg_class where relname = 'pg_class') as t1,
- (select usesysid from pg_user where usename = current_user) as t2;
-select has_table_privilege(t2.usesysid,t1.oid,'insert')
+ (select oid from pg_roles where rolname = current_user) as t2;
+select has_table_privilege(t2.oid,t1.oid,'insert')
from (select oid from pg_class where relname = 'pg_class') as t1,
- (select usesysid from pg_user where usename = current_user) as t2;
+ (select oid from pg_roles where rolname = current_user) as t2;
select has_table_privilege('pg_class','update');
select has_table_privilege('pg_class','delete');
select has_table_privilege(current_user,'atest1','select');
select has_table_privilege(current_user,'atest1','insert');
-select has_table_privilege(t2.usesysid,'atest1','update')
-from (select usesysid from pg_user where usename = current_user) as t2;
-select has_table_privilege(t2.usesysid,'atest1','delete')
-from (select usesysid from pg_user where usename = current_user) as t2;
+select has_table_privilege(t2.oid,'atest1','update')
+from (select oid from pg_roles where rolname = current_user) as t2;
+select has_table_privilege(t2.oid,'atest1','delete')
+from (select oid from pg_roles where rolname = current_user) as t2;
select has_table_privilege(current_user,t1.oid,'rule')
from (select oid from pg_class where relname = 'atest1') as t1;
select has_table_privilege(current_user,t1.oid,'references')
from (select oid from pg_class where relname = 'atest1') as t1;
-select has_table_privilege(t2.usesysid,t1.oid,'select')
+select has_table_privilege(t2.oid,t1.oid,'select')
from (select oid from pg_class where relname = 'atest1') as t1,
- (select usesysid from pg_user where usename = current_user) as t2;
-select has_table_privilege(t2.usesysid,t1.oid,'insert')
+ (select oid from pg_roles where rolname = current_user) as t2;
+select has_table_privilege(t2.oid,t1.oid,'insert')
from (select oid from pg_class where relname = 'atest1') as t1,
- (select usesysid from pg_user where usename = current_user) as t2;
+ (select oid from pg_roles where rolname = current_user) as t2;
select has_table_privilege('atest1','update');
select has_table_privilege('atest1','delete');
-- Portions Copyright (c) 1996-2005, PostgreSQL Global Development Group
-- Portions Copyright (c) 1994, Regents of the University of California
--
--- $PostgreSQL: pgsql/src/tutorial/syscat.source,v 1.14 2004/12/31 22:04:05 pgsql Exp $
+-- $PostgreSQL: pgsql/src/tutorial/syscat.source,v 1.15 2005/08/15 02:40:36 tgl Exp $
--
---------------------------------------------------------------------------
SET SEARCH_PATH TO pg_catalog;
--
--- lists the name of all database adminstrators and the name of their
--- database(s)
+-- lists the names of all database owners and the name of their database(s)
--
-SELECT usename, datname
- FROM pg_user, pg_database
- WHERE usesysid = datdba
- ORDER BY usename, datname;
+SELECT rolname, datname
+ FROM pg_roles, pg_database
+ WHERE pg_roles.oid = datdba
+ ORDER BY rolname, datname;
--
-- lists all user-defined classes
--
-- lists all user-defined base types (not including array types)
--
-SELECT n.nspname, u.usename, format_type(t.oid, null) as typname
- FROM pg_type t, pg_user u, pg_namespace n
- WHERE u.usesysid = t.typowner
+SELECT n.nspname, r.rolname, format_type(t.oid, null) as typname
+ FROM pg_type t, pg_roles r, pg_namespace n
+ WHERE r.oid = t.typowner
and t.typnamespace = n.oid
- and t.typrelid = '0'::oid -- no complex types
- and t.typelem = '0'::oid -- no arrays
- and n.nspname not like 'pg\\_%' -- no catalogs
+ and t.typrelid = 0 -- no complex types
+ and t.typelem = 0 -- no arrays
+ and n.nspname not like 'pg\\_%' -- no built-in types
and n.nspname != 'information_schema' -- no information_schema
- ORDER BY nspname, usename, typname;
+ ORDER BY nspname, rolname, typname;
--
projects / postgresql / commitdiff