From: Tom Lane <tgl@sss.pgh.pa.us>
Date: Wed, 1 Sep 2004 04:13:11 +0000 (+0000)
Subject: Add a note about the difference between Postgres' treatment of the rights
X-Git-Tag: REL8_0_0BETA3~167
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=3ff8cc45ad90a3c51b90dccb390b7421577d9ff6;p=postgresql

Add a note about the difference between Postgres' treatment of the rights
of an object owner and the SQL spec's treatment of these rights.
---

diff --git a/doc/src/sgml/ref/grant.sgml b/doc/src/sgml/ref/grant.sgml
index 9ea480c57a..d6a6ef94b6 100644
--- a/doc/src/sgml/ref/grant.sgml
+++ b/doc/src/sgml/ref/grant.sgml
@@ -1,5 +1,5 @@
 <!--
-$PostgreSQL: pgsql/doc/src/sgml/ref/grant.sgml,v 1.42 2004/08/07 20:44:50 tgl Exp $
+$PostgreSQL: pgsql/doc/src/sgml/ref/grant.sgml,v 1.43 2004/09/01 04:13:11 tgl Exp $
 PostgreSQL documentation
 -->
 
@@ -403,6 +403,18 @@ GRANT ALL PRIVILEGES ON kinds TO manuel;
     one object per command.
    </para>
 
+   <para>
+    <productname>PostgreSQL</productname> allows an object owner to revoke his
+    own ordinary privileges: for example, a table owner can make the table
+    read-only to himself by revoking his own INSERT, UPDATE, and DELETE
+    privileges.  This is not possible according to the SQL standard.  The
+    reason is that <productname>PostgreSQL</productname> treats the owner's
+    privileges as having been granted by the owner to himself; therefore he
+    can revoke them too.  In the SQL standard, the owner's privileges are
+    granted by an assumed entity <quote>_SYSTEM</>.  Not being
+    <quote>_SYSTEM</>, the owner cannot revoke these rights.
+   </para>
+
    <para>
     The SQL standard allows setting privileges for individual columns
     within a table: