From afc4a78a30146a0db415c5c2bbf460e5a576d70f Mon Sep 17 00:00:00 2001 From: Tom Lane Date: Mon, 3 Dec 2018 11:40:49 -0500 Subject: [PATCH] Refactor documentation about privileges to centralize the info. Expand section 5.6 "Privileges" to include the full definition of each privilege type, and an explanation of aclitem privilege displays, along with some helpful summary tables. Most of this material came out of the GRANT reference page, although some of it is new. Adjust a bunch of links that were pointing to GRANT to point to 5.6. Fabien Coelho and Tom Lane, reviewed by Bradley DeJong Discussion: https://postgr.es/m/alpine.DEB.2.21.1807311735200.20743@lancre --- doc/src/sgml/catalogs.sgml | 54 +- doc/src/sgml/ddl.sgml | 529 +++++++++++++++++- doc/src/sgml/func.sgml | 41 +- .../sgml/ref/alter_default_privileges.sgml | 7 +- doc/src/sgml/ref/create_function.sgml | 2 +- doc/src/sgml/ref/grant.sgml | 312 +---------- doc/src/sgml/ref/psql-ref.sgml | 14 +- doc/src/sgml/ref/revoke.sgml | 20 +- 8 files changed, 589 insertions(+), 390 deletions(-) diff --git a/doc/src/sgml/catalogs.sgml b/doc/src/sgml/catalogs.sgml index c134bca809..18c38e42de 100644 --- a/doc/src/sgml/catalogs.sgml +++ b/doc/src/sgml/catalogs.sgml @@ -1973,10 +1973,7 @@ SCRAM-SHA-256$<iteration count>:&l aclitem[] - Access privileges; see - and - - for details + Access privileges; see for details @@ -2679,10 +2676,7 @@ SCRAM-SHA-256$<iteration count>:&l aclitem[] - Access privileges; see - and - - for details + Access privileges; see for details @@ -3491,10 +3485,7 @@ SCRAM-SHA-256$<iteration count>:&l aclitem[] - Access privileges; see - and - - for details + Access privileges; see for details @@ -3587,10 +3578,7 @@ SCRAM-SHA-256$<iteration count>:&l aclitem[] - Access privileges; see - and - - for details + Access privileges; see for details @@ -4052,9 +4040,7 @@ SCRAM-SHA-256$<iteration count>:&l The initial access privileges; see - and - - for details + for details @@ -4179,10 +4165,7 @@ SCRAM-SHA-256$<iteration count>:&l aclitem[] - Access privileges; see - and - - for details + Access privileges; see for details @@ -4319,10 +4302,7 @@ SCRAM-SHA-256$<iteration count>:&l aclitem[] - Access privileges; see - and - - for details + Access privileges; see for details @@ -4386,10 +4366,7 @@ SCRAM-SHA-256$<iteration count>:&l aclitem[] - Access privileges; see - and - - for details + Access privileges; see for details @@ -5396,10 +5373,7 @@ SCRAM-SHA-256$<iteration count>:&l aclitem[] - Access privileges; see - and - - for details + Access privileges; see for details @@ -6810,10 +6784,7 @@ SCRAM-SHA-256$<iteration count>:&l aclitem[] - Access privileges; see - and - - for details + Access privileges; see for details @@ -7923,10 +7894,7 @@ SCRAM-SHA-256$<iteration count>:&l aclitem[] - Access privileges; see - and - - for details + Access privileges; see for details diff --git a/doc/src/sgml/ddl.sgml b/doc/src/sgml/ddl.sgml index bfe89ef8ae..676a87aeb9 100644 --- a/doc/src/sgml/ddl.sgml +++ b/doc/src/sgml/ddl.sgml @@ -1396,6 +1396,10 @@ ALTER TABLE products RENAME TO items; REVOKE + + ACL + + When an object is created, it is assigned an owner. The owner is normally the role that executed the creation statement. @@ -1413,11 +1417,9 @@ ALTER TABLE products RENAME TO items; EXECUTE, and USAGE. The privileges applicable to a particular object vary depending on the object's type (table, function, etc). - For complete information on the different types of privileges - supported by PostgreSQL, refer to the - reference - page. The following sections and chapters will also show you how - those privileges are used. + More detail about the meanings of these privileges appears below. + The following sections and chapters will also show you how + these privileges are used. @@ -1427,15 +1429,17 @@ ALTER TABLE products RENAME TO items; An object can be assigned to a new owner with an ALTER - command of the appropriate kind for the object, e.g. . Superusers can always do - this; ordinary roles can only do it if they are both the current owner - of the object (or a member of the owning role) and a member of the new - owning role. + command of the appropriate kind for the object, for example + +ALTER TABLE table_name OWNER TO new_owner; + + Superusers can always do this; ordinary roles can only do it if they are + both the current owner of the object (or a member of the owning role) and + a member of the new owning role. - To assign privileges, the GRANT command is + To assign privileges, the command is used. For example, if joe is an existing role, and accounts is an existing table, the privilege to update the table can be granted with: @@ -1456,7 +1460,7 @@ GRANT UPDATE ON accounts TO joe; To revoke a privilege, use the fittingly named - REVOKE command: + command: REVOKE ALL ON accounts FROM PUBLIC; @@ -1478,6 +1482,507 @@ REVOKE ALL ON accounts FROM PUBLIC; privilege. For details see the and reference pages. + + + The available privileges are: + + + + SELECT + + + Allows from + any column, or specific column(s), of a table, view, materialized + view, or other table-like object. + Also allows use of TO. + This privilege is also needed to reference existing column values in + or . + For sequences, this privilege also allows use of the + currval function. + For large objects, this privilege allows the object to be read. + + + + + + INSERT + + + Allows of a new row into a table, view, + etc. Can be granted on specific column(s), in which case + only those columns may be assigned to in the INSERT + command (other columns will therefore receive default values). + Also allows use of FROM. + + + + + + UPDATE + + + Allows of any + column, or specific column(s), of a table, view, etc. + (In practice, any nontrivial UPDATE command will + require SELECT privilege as well, since it must + reference table columns to determine which rows to update, and/or to + compute new values for columns.) + SELECT ... FOR UPDATE + and SELECT ... FOR SHARE + also require this privilege on at least one column, in addition to the + SELECT privilege. For sequences, this + privilege allows use of the nextval and + setval functions. + For large objects, this privilege allows writing or truncating the + object. + + + + + + DELETE + + + Allows of a row from a table, view, etc. + (In practice, any nontrivial DELETE command will + require SELECT privilege as well, since it must + reference table columns to determine which rows to delete.) + + + + + + TRUNCATE + + + Allows on a table, view, etc. + + + + + + REFERENCES + + + Allows creation of a foreign key constraint referencing a + table, or specific column(s) of a table. + + + + + + TRIGGER + + + Allows creation of a trigger on a table, view, etc. + + + + + + CREATE + + + For databases, allows new schemas and publications to be created within + the database. + + + For schemas, allows new objects to be created within the schema. + To rename an existing object, you must own the + object and have this privilege for the containing + schema. + + + For tablespaces, allows tables, indexes, and temporary files to be + created within the tablespace, and allows databases to be created that + have the tablespace as their default tablespace. (Note that revoking + this privilege will not alter the placement of existing objects.) + + + + + + CONNECT + + + Allows the grantee to connect to the database. This + privilege is checked at connection startup (in addition to checking + any restrictions imposed by pg_hba.conf). + + + + + + TEMPORARY + + + Allows temporary tables to be created while using the database. + + + + + + EXECUTE + + + Allows calling a function or procedure, including use of + any operators that are implemented on top of the function. This is the + only type of privilege that is applicable to functions and procedures. + + + + + + USAGE + + + For procedural languages, allows use of the language for + the creation of functions in that language. This is the only type + of privilege that is applicable to procedural languages. + + + For schemas, allows access to objects contained in the + schema (assuming that the objects' own privilege requirements are + also met). Essentially this allows the grantee to look up + objects within the schema. Without this permission, it is still + possible to see the object names, e.g. by querying system catalogs. + Also, after revoking this permission, existing sessions might have + statements that have previously performed this lookup, so this is not + a completely secure way to prevent object access. + + + For sequences, allows use of the + currval and nextval functions. + + + For types and domains, allows use of the type or domain in the + creation of tables, functions, and other schema objects. (Note that + this privilege does not control all usage of the + type, such as values of the type appearing in queries. It only + prevents objects from being created that depend on the type. The + main purpose of this privilege is controlling which users can create + dependencies on a type, which could prevent the owner from changing + the type later.) + + + For foreign-data wrappers, allows creation of new servers using the + foreign-data wrapper. + + + For foreign servers, allows creation of foreign tables using the + server. Grantees may also create, alter, or drop their own user + mappings associated with that server. + + + + + + The privileges required by other commands are listed on the + reference page of the respective command. + + + + PostgreSQL grants privileges on some types of objects to + PUBLIC by default when the objects are created. + No privileges are granted to PUBLIC by default on + tables, + table columns, + sequences, + foreign data wrappers, + foreign servers, + large objects, + schemas, + or tablespaces. + For other types of objects, the default privileges + granted to PUBLIC are as follows: + CONNECT and TEMPORARY (create + temporary tables) privileges for databases; + EXECUTE privilege for functions and procedures; and + USAGE privilege for languages and data types + (including domains). + The object owner can, of course, REVOKE + both default and expressly granted privileges. (For maximum + security, issue the REVOKE in the same transaction that + creates the object; then there is no window in which another user + can use the object.) + Also, these default privilege settings can be overridden using the + command. + + + + shows the one-letter + abbreviations that are used for these privilege types in + ACL (Access Control List) values. + You will see these letters in the output of the + commands listed below, or when looking at ACL columns of system catalogs. + + + + ACL Privilege Abbreviations + + + + Privilege + Abbreviation + Applicable Object Types + + + + + SELECT + r (read) + + LARGE OBJECT, + SEQUENCE, + TABLE (and table-like objects), + table column + + + + INSERT + a (append) + TABLE, table column + + + UPDATE + w (write) + + LARGE OBJECT, + SEQUENCE, + TABLE, + table column + + + + DELETE + d + TABLE + + + TRUNCATE + D + TABLE + + + REFERENCES + x + TABLE, table column + + + TRIGGER + t + TABLE + + + CREATE + C + + DATABASE, + SCHEMA, + TABLESPACE + + + + CONNECT + c + DATABASE + + + TEMPORARY + T + DATABASE + + + EXECUTE + X + FUNCTION, PROCEDURE + + + USAGE + U + + DOMAIN, + FOREIGN DATA WRAPPER, + FOREIGN SERVER, + LANGUAGE, + SCHEMA, + SEQUENCE, + TYPE + + + + +
+ + + summarizes the privileges + available for each type of SQL object, using the abbreviations shown + above. + It also shows the psql command + that can be used to examine privilege settings for each object type. + + + + Summary of Access Privileges + + + + Object Type + All Privileges + Default PUBLIC Privileges + psql Command + + + + + DATABASE + CTc + Tc + \l + + + DOMAIN + U + U + \dD+ + + + FUNCTION or PROCEDURE + X + X + \df+ + + + FOREIGN DATA WRAPPER + U + none + \dew+ + + + FOREIGN SERVER + U + none + \des+ + + + LANGUAGE + U + U + \dL+ + + + LARGE OBJECT + rw + none + + + + SCHEMA + UC + none + \dn+ + + + SEQUENCE + rwU + none + \dp + + + TABLE (and table-like objects) + arwdDxt + none + \dp + + + Table column + arwx + none + \dp + + + TABLESPACE + C + none + \db+ + + + TYPE + U + U + \dT+ + + + +
+ + + + aclitem + + The privileges that have been granted for a particular object are + displayed as a list of aclitem entries, where each + aclitem describes the permissions of one grantee that + have been granted by a particular grantor. For example, + calvin=r*w/hobbes specifies that the role + calvin has the privilege + SELECT (r) with grant option + (*) as well as the non-grantable + privilege UPDATE (w), both granted + by the role hobbes. If calvin + also has some privileges on the same object granted by a different + grantor, those would appear as a separate aclitem entry. + An empty grantee field in an aclitem stands + for PUBLIC. + + + + As an example, suppose that user miriam creates + table mytable and does: + +GRANT SELECT ON mytable TO PUBLIC; +GRANT SELECT, UPDATE, INSERT ON mytable TO admin; +GRANT SELECT (col1), UPDATE (col1) ON mytable TO miriam_rw; + + Then psql's \dp command + would show: + +=> \dp mytable + Access privileges + Schema | Name | Type | Access privileges | Column privileges | Policies +--------+---------+-------+-----------------------+-----------------------+---------- + public | mytable | table | miriam=arwdDxt/miriam+| col1: +| + | | | =r/miriam +| miriam_rw=rw/miriam | + | | | admin=arw/miriam | | +(1 row) + + + + + If the Access privileges column is empty for a given + object, it means the object has default privileges (that is, its + privileges entry in the relevant system catalog is null). Default + privileges always include all privileges for the owner, and can include + some privileges for PUBLIC depending on the object + type, as explained above. The first GRANT + or REVOKE on an object will instantiate the default + privileges (producing, for + example, miriam=arwdDxt/miriam) and then modify them + per the specified request. Similarly, entries are shown in Column + privileges only for columns with nondefault privileges. + (Note: for this purpose, default privileges always means + the built-in default privileges for the object's type. An object whose + privileges have been affected by an ALTER DEFAULT + PRIVILEGES command will always be shown with an explicit + privilege entry that includes the effects of + the ALTER.) + + + + Notice that the owner's implicit grant options are not marked in the + access privileges display. A * will appear only when + grant options have been explicitly granted to someone. + diff --git a/doc/src/sgml/func.sgml b/doc/src/sgml/func.sgml index 112d962824..b3336ea9be 100644 --- a/doc/src/sgml/func.sgml +++ b/doc/src/sgml/func.sgml @@ -16932,21 +16932,11 @@ SELECT has_function_privilege('joeuser', 'myfunc(int, text)', 'execute'); shows the operators - available for the aclitem type, which is the internal - representation of access privileges. An aclitem entry - describes the permissions of a grantee, whether they are grantable - or not, and which grantor granted them. For instance, - calvin=r*w/hobbes specifies that the role - calvin has the grantable privilege - SELECT (r*) and the non-grantable - privilege UPDATE (w), granted by - the role hobbes. An empty grantee stands for - PUBLIC. + available for the aclitem type, which is the catalog + representation of access privileges. See + for information about how to read access privilege values. - - aclitem - acldefault @@ -17015,9 +17005,9 @@ SELECT has_function_privilege('joeuser', 'myfunc(int, text)', 'execute'); acldefault(type, - ownerId) + ownerId) aclitem[] - get the hardcoded default access privileges for an object belonging to ownerId + get the default access privileges for an object belonging to ownerId aclexplode(aclitem[]) @@ -17034,16 +17024,14 @@ SELECT has_function_privilege('joeuser', 'myfunc(int, text)', 'execute'); - acldefault returns the hardcoded default access privileges - for an object of type belonging to role ownerId. - Notice that these are used in the absence of any pg_default_acl - () entry. Default access privileges are described in - and can be overwritten with - . In other words, this function will return - results which may be misleading when the defaults have been overridden. - Type is a CHAR, use + acldefault returns the built-in default access + privileges for an object of type type belonging to + role ownerId. These represent the access + privileges that will be assumed when an object's ACL entry is null. + (The default access privileges are described in .) + The type parameter is a CHAR: write 'c' for COLUMN, - 'r' for relation-like objects such as TABLE or VIEW, + 'r' for TABLE and table-like objects, 's' for SEQUENCE, 'd' for DATABASE, 'f' for FUNCTION or PROCEDURE, @@ -17053,15 +17041,16 @@ SELECT has_function_privilege('joeuser', 'myfunc(int, text)', 'execute'); 't' for TABLESPACE, 'F' for FOREIGN DATA WRAPPER, 'S' for FOREIGN SERVER, + or 'T' for TYPE or DOMAIN. aclexplode returns an aclitem array - as a set rows. Output columns are grantor oid, + as a set of rows. Output columns are grantor oid, grantee oid (0 for PUBLIC), granted privilege as text (SELECT, ...) - and whether the prilivege is grantable as boolean. + and whether the privilege is grantable as boolean. makeaclitem performs the inverse operation. diff --git a/doc/src/sgml/ref/alter_default_privileges.sgml b/doc/src/sgml/ref/alter_default_privileges.sgml index 0c09f1db5c..583f65fad6 100644 --- a/doc/src/sgml/ref/alter_default_privileges.sgml +++ b/doc/src/sgml/ref/alter_default_privileges.sgml @@ -112,7 +112,7 @@ REVOKE [ GRANT OPTION FOR ]
- As explained under , + As explained in , the default privileges for any object type normally grant all grantable permissions to the object owner, and may grant some privileges to PUBLIC as well. However, this behavior can be changed by @@ -173,9 +173,8 @@ REVOKE [ GRANT OPTION FOR ] Use 's \ddp command to obtain information about existing assignments of default privileges. - The meaning of the privilege values is the same as explained for - \dp under - . + The meaning of the privilege display is the same as explained for + \dp in . diff --git a/doc/src/sgml/ref/create_function.sgml b/doc/src/sgml/ref/create_function.sgml index 06be04eb5c..4072543184 100644 --- a/doc/src/sgml/ref/create_function.sgml +++ b/doc/src/sgml/ref/create_function.sgml @@ -761,7 +761,7 @@ $$ LANGUAGE plpgsql Another point to keep in mind is that by default, execute privilege is granted to PUBLIC for newly created functions - (see for more + (see for more information). Frequently you will wish to restrict use of a security definer function to only some users. To do that, you must revoke the default PUBLIC privileges and then grant execute diff --git a/doc/src/sgml/ref/grant.sgml b/doc/src/sgml/ref/grant.sgml index ff64c7a3ba..e98fe86052 100644 --- a/doc/src/sgml/ref/grant.sgml +++ b/doc/src/sgml/ref/grant.sgml @@ -112,16 +112,6 @@ GRANT role_name [, ...] TO - - There is also an option to grant privileges on all objects of the same - type within one or more schemas. This functionality is currently supported - only for tables, sequences, functions, and procedures. ALL - TABLES also affects views and foreign tables, just like the - specific-object GRANT command. ALL - FUNCTIONS also affects aggregate functions, but not procedures, - again just like the specific-object GRANT command. - - The key word PUBLIC indicates that the privileges are to be granted to all roles, including those that might @@ -156,231 +146,35 @@ GRANT role_name [, ...] TO - - PostgreSQL grants default privileges on some types of objects to - PUBLIC. No privileges are granted to - PUBLIC by default on - tables, - table columns, - sequences, - foreign data wrappers, - foreign servers, - large objects, - schemas, - or tablespaces. - For other types of objects, the default privileges - granted to PUBLIC are as follows: - CONNECT and TEMPORARY (create - temporary tables) privileges for databases; - EXECUTE privilege for functions and procedures; and - USAGE privilege for languages and data types - (including domains). - The object owner can, of course, REVOKE - both default and expressly granted privileges. (For maximum - security, issue the REVOKE in the same transaction that - creates the object; then there is no window in which another user - can use the object.) - Also, these initial default privilege settings can be changed using the - - command. - - The possible privileges are: SELECT - - - Allows from - any column, or the specific columns listed, of the specified table, - view, or sequence. - Also allows the use of - TO. - This privilege is also needed to reference existing column values in - or - . - For sequences, this privilege also allows the use of the - currval function. - For large objects, this privilege allows the object to be read. - - - - - INSERT - - - Allows of a new - row into the specified table. If specific columns are listed, - only those columns may be assigned to in the INSERT - command (other columns will therefore receive default values). - Also allows FROM. - - - - - UPDATE - - - Allows of any - column, or the specific columns listed, of the specified table. - (In practice, any nontrivial UPDATE command will require - SELECT privilege as well, since it must reference table - columns to determine which rows to update, and/or to compute new - values for columns.) - SELECT ... FOR UPDATE - and SELECT ... FOR SHARE - also require this privilege on at least one column, in addition to the - SELECT privilege. For sequences, this - privilege allows the use of the nextval and - setval functions. - For large objects, this privilege allows writing or truncating the - object. - - - - - DELETE - - - Allows of a row - from the specified table. - (In practice, any nontrivial DELETE command will require - SELECT privilege as well, since it must reference table - columns to determine which rows to delete.) - - - - - TRUNCATE - - - Allows on - the specified table. - - - - - REFERENCES - - - Allows creation of a foreign key constraint referencing the specified - table, or specified column(s) of the table. (See the - statement.) - - - - - TRIGGER - - - Allows the creation of a trigger on the specified table. (See the - statement.) - - - - - CREATE - - - For databases, allows new schemas and publications to be created within the database. - - - For schemas, allows new objects to be created within the schema. - To rename an existing object, you must own the object and - have this privilege for the containing schema. - - - For tablespaces, allows tables, indexes, and temporary files to be - created within the tablespace, and allows databases to be created that - have the tablespace as their default tablespace. (Note that revoking - this privilege will not alter the placement of existing objects.) - - - - - CONNECT - - - Allows the user to connect to the specified database. This - privilege is checked at connection startup (in addition to checking - any restrictions imposed by pg_hba.conf). - - - - - TEMPORARY - TEMP - - - Allows temporary tables to be created while using the specified database. - - - - - EXECUTE + USAGE - Allows the use of the specified function or procedure and the use of - any operators that are implemented on top of the function. This is the - only type of privilege that is applicable to functions and procedures. - The FUNCTION syntax also works for aggregate - functions. Alternatively, use ROUTINE to refer to a function, - aggregate function, or procedure regardless of what it is. + Specific types of privileges, as defined in . - USAGE + TEMP - For procedural languages, allows the use of the specified language for - the creation of functions in that language. This is the only type - of privilege that is applicable to procedural languages. - - - For schemas, allows access to objects contained in the specified - schema (assuming that the objects' own privilege requirements are - also met). Essentially this allows the grantee to look up - objects within the schema. Without this permission, it is still - possible to see the object names, e.g. by querying the system tables. - Also, after revoking this permission, existing backends might have - statements that have previously performed this lookup, so this is not - a completely secure way to prevent object access. - - - For sequences, this privilege allows the use of the - currval and nextval functions. - - - For types and domains, this privilege allows the use of the type or - domain in the creation of tables, functions, and other schema objects. - (Note that it does not control general usage of the type, - such as values of the type appearing in queries. It only prevents - objects from being created that depend on the type. The main purpose of - the privilege is controlling which users create dependencies on a type, - which could prevent the owner from changing the type later.) - - - For foreign-data wrappers, this privilege allows creation of - new servers using the foreign-data wrapper. - - - For servers, this privilege allows creation of foreign tables using - the server. Grantees may also create, alter, or drop their own - user mappings associated with that server. + Alternative spelling for TEMPORARY. @@ -389,7 +183,7 @@ GRANT role_name [, ...] TO ALL PRIVILEGES - Grant all of the available privileges at once. + Grant all of the privileges available for the object's type. The PRIVILEGES key word is optional in PostgreSQL, though it is required by strict SQL. @@ -397,9 +191,26 @@ GRANT role_name [, ...] TO + - The privileges required by other commands are listed on the - reference page of the respective command. + + The FUNCTION syntax works for plain functions, + aggregate functions, and window functions, but not for procedures; + use PROCEDURE for those. + Alternatively, use ROUTINE to refer to a function, + aggregate function, window function, or procedure regardless of its + precise type. + + + + There is also an option to grant privileges on all objects of the same + type within one or more schemas. This functionality is currently supported + only for tables, sequences, functions, and procedures. ALL + TABLES also affects views and foreign tables, just like the + specific-object GRANT command. ALL + FUNCTIONS also affects aggregate and window functions, but not + procedures, again just like the specific-object GRANT + command. Use ALL ROUTINES to include procedures. @@ -520,79 +331,8 @@ GRANT role_name [, ...] TO - Use 's \dp command - to obtain information about existing privileges for tables and - columns. For example: - -=> \dp mytable - Access privileges - Schema | Name | Type | Access privileges | Column access privileges ---------+---------+-------+-----------------------+-------------------------- - public | mytable | table | miriam=arwdDxt/miriam | col1: - : =r/miriam : miriam_rw=rw/miriam - : admin=arw/miriam -(1 row) - - The entries shown by \dp are interpreted thus: - -rolename=xxxx -- privileges granted to a role - =xxxx -- privileges granted to PUBLIC - - r -- SELECT ("read") - w -- UPDATE ("write") - a -- INSERT ("append") - d -- DELETE - D -- TRUNCATE - x -- REFERENCES - t -- TRIGGER - X -- EXECUTE - U -- USAGE - C -- CREATE - c -- CONNECT - T -- TEMPORARY - arwdDxt -- ALL PRIVILEGES (for tables, varies for other objects) - * -- grant option for preceding privilege - - /yyyy -- role that granted this privilege - - - The above example display would be seen by user miriam after - creating table mytable and doing: - - -GRANT SELECT ON mytable TO PUBLIC; -GRANT SELECT, UPDATE, INSERT ON mytable TO admin; -GRANT SELECT (col1), UPDATE (col1) ON mytable TO miriam_rw; - - - - - For non-table objects there are other \d commands - that can display their privileges. - - - - If the Access privileges column is empty for a given object, - it means the object has default privileges (that is, its privileges column - is null). Default privileges always include all privileges for the owner, - and can include some privileges for PUBLIC depending on the - object type, as explained above. The first GRANT or - REVOKE on an object - will instantiate the default privileges (producing, for example, - {miriam=arwdDxt/miriam}) and then modify them per the - specified request. Similarly, entries are shown in Column access - privileges only for columns with nondefault privileges. - (Note: for this purpose, default privileges always means the - built-in default privileges for the object's type. An object whose - privileges have been affected by an ALTER DEFAULT PRIVILEGES - command will always be shown with an explicit privilege entry that - includes the effects of the ALTER.) - - - - Notice that the owner's implicit grant options are not marked in the - access privileges display. A * will appear only when - grant options have been explicitly granted to someone. + See for more information about specific + privilege types, as well as how to inspect objects' privileges. diff --git a/doc/src/sgml/ref/psql-ref.sgml b/doc/src/sgml/ref/psql-ref.sgml index 47714eb0c8..6c76cf2f00 100644 --- a/doc/src/sgml/ref/psql-ref.sgml +++ b/doc/src/sgml/ref/psql-ref.sgml @@ -1324,8 +1324,8 @@ testdb=> The command is used to set default access privileges. The meaning of the - privilege display is explained under - . + privilege display is explained in + . @@ -1372,7 +1372,7 @@ testdb=> specified, only those servers whose name matches the pattern are listed. If the form \des+ is used, a full description of each server is shown, including the - server's ACL, type, version, options, and description. + server's access privileges, type, version, options, and description. @@ -1425,8 +1425,8 @@ testdb=> If pattern is specified, only those foreign-data wrappers whose name matches the pattern are listed. If the form \dew+ - is used, the ACL, options, and description of the foreign-data - wrapper are also shown. + is used, the access privileges, options, and description of the + foreign-data wrapper are also shown. @@ -1639,8 +1639,8 @@ testdb=> The and commands are used to set access privileges. The meaning of the - privilege display is explained under - . + privilege display is explained in + . diff --git a/doc/src/sgml/ref/revoke.sgml b/doc/src/sgml/ref/revoke.sgml index 5317f8ccba..e96d45e7e3 100644 --- a/doc/src/sgml/ref/revoke.sgml +++ b/doc/src/sgml/ref/revoke.sgml @@ -177,14 +177,6 @@ REVOKE [ ADMIN OPTION FOR ] Notes - - Use 's \dp command to - display the privileges granted on existing tables and columns. See for information about the - format. For non-table objects there are other \d commands - that can display their privileges. - - A user can only revoke privileges that were granted directly by that user. If, for example, user A has granted a privilege with @@ -244,6 +236,11 @@ REVOKE [ ADMIN OPTION FOR ] lead to revoking privileges other than the ones you intended, or not revoking anything at all. + + + See for more information about specific + privilege types, as well as how to inspect objects' privileges. + @@ -293,9 +290,10 @@ REVOKE admins FROM joe; See Also - - - + + + + -- 2.40.0