From: Robert Haas Date: Wed, 15 Feb 2012 14:57:56 +0000 (-0500) Subject: sepgsql: Reword and fix typo in docs on DML permissions. X-Git-Tag: REL9_2_BETA1~419 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=d845fd684a3a386400a42c83c209e70095cadd55;p=postgresql sepgsql: Reword and fix typo in docs on DML permissions. Per report from Christoph Berg. --- diff --git a/doc/src/sgml/sepgsql.sgml b/doc/src/sgml/sepgsql.sgml index e45c258ac8..68cc6078af 100644 --- a/doc/src/sgml/sepgsql.sgml +++ b/doc/src/sgml/sepgsql.sgml 
@@ -345,42 +345,35 @@ $ sudo semodule -r sepgsql-regtest For tables, db_table:select, db_table:insert, - db_table:update or db_table:delete is + db_table:update or db_table:delete are checked for all the referenced target tables depending on the kind of - statement; - in addition, db_table:select is also checked for - all the tables that contain the columns referenced in the + statement; in addition, db_table:select is also checked for + all the tables that contain columns referenced in the WHERE or RETURNING clause, as a data source - of UPDATE, and so on. For example, consider: - - -UPDATE t1 SET x = 2, y = md5sum(y) WHERE z = 100; - - - In this case we must have db_table:select in addition to - db_table:update, because t1.a is referenced - within the WHERE clause. Column-level permissions will also be - checked for each referenced column. + for UPDATE, and so on. - For columns, db_column:select is checked on - not only the columns being read using SELECT, but those being - referenced in other DML statements. - Of course, it also checks db_column:update or - db_column:insert on columns being modified by - UPDATE or INSERT. + Column-level permissions will also be checked for each referenced column. + db_column:select is checked on not only the columns being + read using SELECT, but those being referenced in other DML + statements; db_column:update or db_column:insert + will also be checked for columns being modified by UPDATE or + INSERT. + For example, consider: UPDATE t1 SET x = 2, y = md5sum(y) WHERE z = 100; - In this case, it checks db_column:update on the column - t1.x being updated, db_column:{select update} - on the column t1.y being updated and referenced, and - db_column:select on the column t1.z, since that is - only referenced in the WHERE clause. 
+ + Here, db_column:update will be checked for + t1.x, since it is being updated, + db_column:{select update} will be checked for + t1.y, since it is both updated and referenced, and + db_column:select will be checked for t1.z, since + it is only referenced. db_table:{select update} will also be checked at the table level.
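Review bot: the example statement kept in the reworded paragraph, `UPDATE t1 SET x = 2, y = md5sum(y) WHERE z = 100;`, calls `md5sum`, which is not a built-in PostgreSQL function; the built-in is `md5`. Unless the docs intend a user-defined function here, change it to `md5(y)` so the example can be run as written. In the new closing sentence, "db_table:{select update} will also be checked at the table level" drops the reason the removed text gave for the extra `select` check. A short clause saying it is needed because `t1.y` and `t1.z` are read would keep the table-level rule tied to the example. The wording "is checked on not only the columns being read using SELECT, but those being referenced" would also read better as "is checked not only on the columns being read using SELECT, but also on those referenced".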