database/postgres
1
0
Fork 0
mirror of https://github.com/postgres/postgres.git synced 2025-12-21 05:21:08 +03:00
Code Activity

Clean up to ensure tag completion as required by the newest versions

Browse Source 
of Norm's Modular Style Sheets and jade/docbook.
From Vince Vielhaber <vev@michvhf.com>.
This commit is contained in:
Thomas G. Lockhart
1998-12-29 02:24:47 +00:00
parent 6d7735e7f0
commit a75f2d21a8
115 changed files with 10587 additions and 8000 deletions
Download Patch File Download Diff File Expand all files Collapse all files

850
doc/src/sgml/ref/grant.sgml
View File

@@ -1,226 +1,270 @@
<REFENTRY ID="SQL-GRANT">
<REFMETA>
<REFENTRYTITLE>
GRANT
</REFENTRYTITLE>
<REFMISCINFO>SQL - Language Statements</REFMISCINFO>
</REFMETA>
<REFNAMEDIV>
<REFNAME>
GRANT
</REFNAME>
<REFPURPOSE>
Grants access privilege to a user, a group or all users
</REFPURPOSE>
<REFMETA>
<REFENTRYTITLE>
GRANT
</REFENTRYTITLE>
<REFMISCINFO>SQL - Language Statements</REFMISCINFO>
</REFMETA>
<REFNAMEDIV>
<REFNAME>
GRANT
</REFNAME>
<REFPURPOSE>
Grants access privilege to a user, a group or all users
</REFPURPOSE>
</refnamediv>
<REFSYNOPSISDIV>
<REFSYNOPSISDIVINFO>
<DATE>1998-09-23</DATE>
</REFSYNOPSISDIVINFO>
<SYNOPSIS>
GRANT <REPLACEABLE CLASS="PARAMETER">privilege</REPLACEABLE> [, ...]
ON <REPLACEABLE CLASS="PARAMETER">object</REPLACEABLE> [, ...]
TO { PUBLIC | GROUP <REPLACEABLE CLASS="PARAMETER">group</REPLACEABLE> | <REPLACEABLE CLASS="PARAMETER">username</REPLACEABLE> }
</SYNOPSIS>
<REFSECT2 ID="R2-SQL-GRANT-1">
<REFSECT2INFO>
<DATE>1998-09-23</DATE>
</REFSECT2INFO>
<TITLE>
Inputs
</TITLE>
<PARA>
<VARIABLELIST>
<VARLISTENTRY>
<TERM>
<REPLACEABLE CLASS="PARAMETER">privilege</REPLACEABLE>
</TERM>
<LISTITEM>
<PARA>
The possible privileges are:
</para>
</listitem>
</varlistentry>
<VARLISTENTRY>
<TERM>
SELECT
</TERM>
<LISTITEM>
<PARA>
Access all of the columns of a specific
table/view.
</para>
</listitem>
</varlistentry>
<VARLISTENTRY>
<TERM>
INSERT
</TERM>
<LISTITEM>
<PARA>
Insert data into all columns of a
specific table.
</para>
</listitem>
</varlistentry>
<VARLISTENTRY>
<TERM>
UPDATE
</TERM>
<LISTITEM>
<PARA>
Update all columns of a specific
table.
</para>
</listitem>
</varlistentry>
<VARLISTENTRY>
<TERM>
DELETE
</TERM>
<LISTITEM>
<PARA>
Delete rows from a specific table.
</para>
</listitem>
</varlistentry>
<VARLISTENTRY>
<TERM>
RULE
</TERM>
<LISTITEM>
<PARA>
Define rules on the table/view
(See CREATE RULE statement).
</para>
</listitem>
</varlistentry>
<VARLISTENTRY>
<TERM>
ALL
</TERM>
<LISTITEM>
<PARA>
Grant all privileges.
</para>
</listitem>
</varlistentry>
<VARLISTENTRY>
<TERM>
<REPLACEABLE CLASS="PARAMETER">object</REPLACEABLE>
</TERM>
<LISTITEM>
<PARA>
The name of an object to which to grant access.
The possible objects are:
</para>
<para>
<itemizedlist mark="bullet" spacing="compact">
<listitem>
<para>
table
</para>
</listitem>
<listitem>
<para>
view
</para>
</listitem>
<listitem>
<para>
sequence
</para>
</listitem>
<listitem>
<para>
index
</para>
</listitem>
</itemizedlist>
</para>
</listitem>
</varlistentry>
<REFSYNOPSISDIV>
<REFSYNOPSISDIVINFO>
<DATE>1998-09-23</DATE>
</REFSYNOPSISDIVINFO>
<SYNOPSIS>
GRANT <REPLACEABLE CLASS="PARAMETER">privilege</REPLACEABLE> [, ...]
ON <REPLACEABLE CLASS="PARAMETER">object</REPLACEABLE> [, ...]
TO { PUBLIC | GROUP <REPLACEABLE CLASS="PARAMETER">group</REPLACEABLE> | <REPLACEABLE CLASS="PARAMETER">username</REPLACEABLE> }
</SYNOPSIS>
<VARLISTENTRY>
<TERM>
PUBLIC
</TERM>
<LISTITEM>
<PARA>
A short form representing all users.
</para>
</listitem>
</varlistentry>
<VARLISTENTRY>
<TERM>
GROUP <REPLACEABLE CLASS="PARAMETER">group</REPLACEABLE>
</TERM>
<LISTITEM>
<PARA>
A <REPLACEABLE CLASS="PARAMETER">group</REPLACEABLE> to whom to grant privileges.
In the current release, the group must be created explicitly as described below.
</para>
</listitem>
</varlistentry>
<VARLISTENTRY>
<TERM>
<REPLACEABLE CLASS="PARAMETER">username</REPLACEABLE>
</TERM>
<LISTITEM>
<PARA>
The name of a user to whom grant privileges. PUBLIC is a short form
representing all users.
</para>
</listitem>
</varlistentry>
</VARIABLELIST>
</para>
</REFSECT2>
<REFSECT2 ID="R2-SQL-GRANT-1">
<REFSECT2INFO>
<DATE>1998-09-23</DATE>
</REFSECT2INFO>
<TITLE>
Inputs
</TITLE>
<PARA>
<REFSECT2 ID="R2-SQL-GRANT-2">
<REFSECT2INFO>
<DATE>1998-09-23</DATE>
</REFSECT2INFO>
<TITLE>
Outputs
</TITLE>
<PARA>
<VARIABLELIST>
<VARLISTENTRY>
<TERM>
CHANGE
</TERM>
<LISTITEM>
<PARA>
Message returned if successful.
</para>
</listitem>
</varlistentry>
<VARLISTENTRY>
<TERM>
ERROR: ChangeAcl: class "<REPLACEABLE CLASS="PARAMETER">object</REPLACEABLE>"
not found
</TERM>
<LISTITEM>
<PARA>
Message returned if the specified object is not available or
if it is impossible
to give privileges to the specified group or users.
</para>
</listitem>
</varlistentry>
</VARIABLELIST>
</para>
</REFSECT2>
</REFSYNOPSISDIV>
<VARIABLELIST>
<VARLISTENTRY>
<TERM>
<REPLACEABLE CLASS="PARAMETER">privilege</REPLACEABLE>
</TERM>
<LISTITEM>
<PARA>
The possible privileges are:
<REFSECT1 ID="R1-SQL-GRANT-1">
<REFSECT1INFO>
<DATE>1998-09-23</DATE>
</REFSECT1INFO>
<TITLE>
Description
</TITLE>
<PARA>
GRANT allows the creator of an object to give specific permissions to
all users (PUBLIC) or to a certain user or group.
Users other than the creator don't have any access permission
unless the creator GRANTs permissions, after the object
is created.
</para>
<para>
Once a user has a privilege on an object, he is enabled to exercise
that privilege.
There is no need to GRANT privileges to the creator of
an object, the creator automatically holds ALL privileges, and can
also drop the object.
</para>
<VARIABLELIST>
<VARLISTENTRY>
<TERM>
SELECT
</TERM>
<LISTITEM>
<PARA>
Access all of the columns of a specific
table/view.
<VARLISTENTRY>
<TERM>
INSERT
</TERM>
<LISTITEM>
<PARA>
Insert data into all columns of a
specific table.
<VARLISTENTRY>
<TERM>
UPDATE
</TERM>
<LISTITEM>
<PARA>
Update all columns of a specific
table.
<VARLISTENTRY>
<TERM>
DELETE
</TERM>
<LISTITEM>
<PARA>
Delete rows from a specific table.
<VARLISTENTRY>
<TERM>
RULE
</TERM>
<LISTITEM>
<PARA>
Define rules on the table/view
(See CREATE RULE statement).
<VARLISTENTRY>
<TERM>
ALL
</TERM>
<LISTITEM>
<PARA>
Grant all privileges.
</VARIABLELIST>
<VARLISTENTRY>
<TERM>
<REPLACEABLE CLASS="PARAMETER">object</REPLACEABLE>
</TERM>
<LISTITEM>
<PARA>
The name of an object to which to grant access.
The possible objects are:
<itemizedlist mark="bullet" spacing="compact">
<listitem>
<para>
table
<listitem>
<para>
view
<listitem>
<para>
sequence
<listitem>
<para>
index
</itemizedlist>
<VARLISTENTRY>
<TERM>
PUBLIC
</TERM>
<LISTITEM>
<PARA>
A short form representing all users.
<VARLISTENTRY>
<TERM>
GROUP <REPLACEABLE CLASS="PARAMETER">group</REPLACEABLE>
</TERM>
<LISTITEM>
<PARA>
A <REPLACEABLE CLASS="PARAMETER">group</REPLACEABLE> to whom to grant privileges.
In the current release, the group must be created explicitly as described below.
<VARLISTENTRY>
<TERM>
<REPLACEABLE CLASS="PARAMETER">username</REPLACEABLE>
</TERM>
<LISTITEM>
<PARA>
The name of a user to whom grant privileges. PUBLIC is a short form
representing all users.
</VARIABLELIST>
</REFSECT2>
<REFSECT2 ID="R2-SQL-GRANT-2">
<REFSECT2INFO>
<DATE>1998-09-23</DATE>
</REFSECT2INFO>
<TITLE>
Outputs
</TITLE>
<PARA>
<VARIABLELIST>
<VARLISTENTRY>
<TERM>
CHANGE
</TERM>
<LISTITEM>
<PARA>
Message returned if successful.
<VARLISTENTRY>
<TERM>
ERROR: ChangeAcl: class "<REPLACEABLE CLASS="PARAMETER">object</REPLACEABLE>"
not found
</TERM>
<LISTITEM>
<PARA>
Message returned if the specified object is not available or
if it is impossible
to give privileges to the specified group or users.
</VARIABLELIST>
</REFSECT2>
</REFSYNOPSISDIV>
<REFSECT1 ID="R1-SQL-GRANT-1">
<REFSECT1INFO>
<DATE>1998-09-23</DATE>
</REFSECT1INFO>
<TITLE>
Description
</TITLE>
<PARA>
GRANT allows the creator of an object to give specific permissions to
all users (PUBLIC) or to a certain user or group.
Users other than the creator don't have any access permission
unless the creator GRANTs permissions, after the object
is created.
<para>
Once a user has a privilege on an object, he is enabled to exercise
that privilege.
There is no need to GRANT privileges to the creator of
an object, the creator automatically holds ALL privileges, and can
also drop the object.
<REFSECT2 ID="R2-SQL-GRANT-3">
<REFSECT2INFO>
<DATE>1998-09-23</DATE>
</REFSECT2INFO>
<TITLE>
Notes
</TITLE>
<PARA>
Use the <command>psql \z</command> command
for further information about permissions
on existing objects:
<programlisting>
Database = lusitania
<REFSECT2 ID="R2-SQL-GRANT-3">
<REFSECT2INFO>
<DATE>1998-09-23</DATE>
</REFSECT2INFO>
<TITLE>
Notes
</TITLE>
<PARA>
Use the <command>psql \z</command> command
for further information about permissions
on existing objects:
<programlisting>
Database = lusitania
+------------------+---------------------------------------------+
| Relation | Grant/Revoke Permissions |
+------------------+---------------------------------------------+
@@ -236,177 +280,211 @@ Use the <command>psql \z</command> command
a -- INSERT
R -- RULE
arwR -- ALL
</programlisting>
</programlisting>
<tip>
<para>
Currently, to create a GROUP you have to insert
data manually into table pg_group as:
<programlisting>
INSERT INTO pg_group VALUES ('todos');
CREATE USER miriam IN GROUP todos;
</programlisting>
Refer to REVOKE statements to revoke access privileges.
</tip>
<tip>
<para>
Currently, to create a GROUP you have to insert
data manually into table pg_group as:
<programlisting>
INSERT INTO pg_group VALUES ('todos');
CREATE USER miriam IN GROUP todos;
</programlisting>
Refer to REVOKE statements to revoke access privileges.
</para>
</tip>
</para>
</REFSECT2>
</refsect1>
</REFSECT2>
<REFSECT1 ID="R1-SQL-GRANT-2">
<TITLE>
Usage
</TITLE>
<PARA>
<ProgramListing>
-- grant insert privilege to all users on table films:
--
GRANT INSERT ON films TO PUBLIC;
</programlisting>
<programlisting>
-- grant all privileges to user manuel on view kinds:
--
GRANT ALL ON kinds TO manuel;
</ProgramListing>
</para>
</REFSECT1>
<REFSECT1 ID="R1-SQL-GRANT-2">
<TITLE>
Usage
</TITLE>
<PARA>
<ProgramListing>
-- grant insert privilege to all users on table films:
--
GRANT INSERT ON films TO PUBLIC;
</programlisting>
<programlisting>
-- grant all privileges to user manuel on view kinds:
--
GRANT ALL ON kinds TO manuel;
</ProgramListing>
</REFSECT1>
<REFSECT1 ID="R1-SQL-GRANT-3">
<TITLE>
Compatibility
</TITLE>
<PARA>
</PARA>
<REFSECT2 ID="R2-SQL-GRANT-4">
<REFSECT2INFO>
<DATE>1998-09-23</DATE>
</REFSECT2INFO>
<TITLE>
SQL92
</TITLE>
<PARA>
The <acronym>SQL92</acronym> syntax for GRANT allows setting privileges
for individual columns
within a table, and allows setting a privilege to grant
the same privileges to others.
<SYNOPSIS>
GRANT <REPLACEABLE CLASS="PARAMETER">privilege</REPLACEABLE> [, ...]
ON <REPLACEABLE CLASS="PARAMETER">object</REPLACEABLE> [ ( <REPLACEABLE CLASS="PARAMETER">column</REPLACEABLE> [, ...] ) ] [, ...]
TO { PUBLIC | <REPLACEABLE CLASS="PARAMETER">username</REPLACEABLE> [, ...] }
[ WITH GRANT OPTION ]
</SYNOPSIS>
Fields are compatible with the those in the <acronym>Postgres</acronym>
implementation, with the following additions:
<VARIABLELIST>
<VARLISTENTRY>
<TERM>
<REPLACEABLE CLASS="PARAMETER">privilege</REPLACEABLE>
SELECT
</TERM>
<LISTITEM>
<PARA>
<acronym>SQL92</acronym> permits additional privileges to be specified:
<VARIABLELIST>
<VARLISTENTRY>
<TERM>
REFERENCES
</TERM>
<LISTITEM>
<PARA>
Allowed to reference some or all of the columns of a specific
table/view in integrity constraints.
<VARLISTENTRY>
<TERM>
USAGE
</TERM>
<LISTITEM>
<PARA>
Allowed to use a domain, character set, collation
or translation.
If an object specifies anything other than a table/view,
<REPLACEABLE CLASS="PARAMETER">privilege</REPLACEABLE>
must specify only USAGE.
</variablelist>
<tip>
<para>
Currently, to grant privileges in <productname>Postgres</productname>
to only few columns, you must
create a view having desired columns and then grant privileges
to that view.
</tip>
<VARLISTENTRY>
<TERM>
<REPLACEABLE CLASS="PARAMETER">object</REPLACEABLE>
</TERM>
<LISTITEM>
<PARA>
<variablelist>
<VARLISTENTRY>
<TERM>
<REPLACEABLE CLASS="PARAMETER">object</REPLACEABLE>
</TERM>
<LISTITEM>
<PARA>
<acronym>SQL92</acronym> allows an additional non-functional keyword:
<simplelist>
<member>
[ TABLE ] table
</simplelist>
<VARLISTENTRY>
<TERM>
CHARACTER SET
</TERM>
<LISTITEM>
<PARA>
Allowed to use the specified character set.
<VARLISTENTRY>
<TERM>
COLLATION
</TERM>
<LISTITEM>
<PARA>
Allowed to use the specified collation sequence.
<VARLISTENTRY>
<TERM>
TRANSLATION
</TERM>
<LISTITEM>
<PARA>
Allowed to use the specified character set translation.
<VARLISTENTRY>
<TERM>
DOMAIN
</TERM>
<LISTITEM>
<PARA>
Allowed to use the specified domain.
</variablelist>
<VARLISTENTRY>
<TERM>
WITH GRANT OPTION
</TERM>
<LISTITEM>
<PARA>
Allowed to grant the same privilege to others.
</variablelist>
<REFSECT1 ID="R1-SQL-GRANT-3">
<TITLE>
Compatibility
</TITLE>
<PARA>
</PARA>
<REFSECT2 ID="R2-SQL-GRANT-4">
<REFSECT2INFO>
<DATE>1998-09-23</DATE>
</REFSECT2INFO>
<TITLE>
SQL92
</TITLE>
<PARA>
The <acronym>SQL92</acronym> syntax for GRANT allows setting privileges
for individual columns
within a table, and allows setting a privilege to grant
the same privileges to others.
<SYNOPSIS>
GRANT <REPLACEABLE CLASS="PARAMETER">privilege</REPLACEABLE> [, ...]
ON <REPLACEABLE CLASS="PARAMETER">object</REPLACEABLE> [ ( <REPLACEABLE CLASS="PARAMETER">column</REPLACEABLE> [, ...] ) ] [, ...]
TO { PUBLIC | <REPLACEABLE CLASS="PARAMETER">username</REPLACEABLE> [, ...] }
[ WITH GRANT OPTION ]
</SYNOPSIS>
Fields are compatible with the those in the <acronym>Postgres</acronym>
implementation, with the following additions:
<VARIABLELIST>
<VARLISTENTRY>
<TERM>
<REPLACEABLE CLASS="PARAMETER">privilege</REPLACEABLE>
SELECT
</TERM>
<LISTITEM>
<PARA>
<acronym>SQL92</acronym> permits additional privileges to be specified:
</para>
</listitem>
</varlistentry>
<VARLISTENTRY>
<TERM>
REFERENCES
</TERM>
<LISTITEM>
<PARA>
Allowed to reference some or all of the columns of a specific
table/view in integrity constraints.
</para>
</listitem>
</varlistentry>
<VARLISTENTRY>
<TERM>
USAGE
</TERM>
<LISTITEM>
<PARA>
Allowed to use a domain, character set, collation
or translation.
If an object specifies anything other than a table/view,
<REPLACEABLE CLASS="PARAMETER">privilege</REPLACEABLE>
must specify only USAGE.
</para>
</listitem>
</varlistentry>
</variablelist>
<tip>
<para>
Currently, to grant privileges in <productname>Postgres</productname>
to only few columns, you must
create a view having desired columns and then grant privileges
to that view.
</para>
</tip>
<variablelist>
<VARLISTENTRY>
<TERM>
<REPLACEABLE CLASS="PARAMETER">object</REPLACEABLE>
</TERM>
<LISTITEM>
<PARA>
<variablelist>
<VARLISTENTRY>
<TERM>
<REPLACEABLE CLASS="PARAMETER">object</REPLACEABLE>
</TERM>
<LISTITEM>
<PARA>
<acronym>SQL92</acronym> allows an additional non-functional keyword:
<simplelist>
<member>
[ TABLE ] table
</member>
</simplelist>
</para>
</listitem>
</varlistentry>
<VARLISTENTRY>
<TERM>
CHARACTER SET
</TERM>
<LISTITEM>
<PARA>
Allowed to use the specified character set.
</para>
</listitem>
</varlistentry>
<VARLISTENTRY>
<TERM>
COLLATION
</TERM>
<LISTITEM>
<PARA>
Allowed to use the specified collation sequence.
</para>
</listitem>
</varlistentry>
<VARLISTENTRY>
<TERM>
TRANSLATION
</TERM>
<LISTITEM>
<PARA>
Allowed to use the specified character set translation.
</para>
</listitem>
</varlistentry>
<VARLISTENTRY>
<TERM>
DOMAIN
</TERM>
<LISTITEM>
<PARA>
Allowed to use the specified domain.
</para>
</listitem>
</varlistentry>
<VARLISTENTRY>
<TERM>
WITH GRANT OPTION
</TERM>
<LISTITEM>
<PARA>
Allowed to grant the same privilege to others.
</para>
</listitem>
</varlistentry>
</variablelist>
</para>
</listitem>
</varlistentry>
</variablelist>
</para>
</refsect2>
</refsect1>
</REFENTRY>
<!--