Restructure AclItem representation so that we can have more than eight
different privilege bits (might as well make use of the space we were wasting on padding). EXECUTE and USAGE bits for procedures, languages now are separate privileges instead of being overlaid on SELECT. Add privileges for namespaces and databases. The GRANT and REVOKE commands work for these object types, but we don't actually enforce the privileges yet...
@ -1,6 +1,6 @@
|
||||
<!--
|
||||
Documentation of the system catalogs, directed toward PostgreSQL developers
|
||||
$Header: /cvsroot/pgsql/doc/src/sgml/catalogs.sgml,v 2.42 2002/04/16 23:08:09 tgl Exp $
|
||||
$Header: /cvsroot/pgsql/doc/src/sgml/catalogs.sgml,v 2.43 2002/04/21 00:26:42 tgl Exp $
|
||||
-->
|
||||
|
||||
<chapter id="catalogs">
|
||||
@ -825,7 +825,7 @@
|
||||
<entry>
|
||||
If true then this database can be used in the
|
||||
<quote>TEMPLATE</quote> clause of <command>CREATE
|
||||
DATABASE</command> to create the new database as a clone of
|
||||
DATABASE</command> to create a new database as a clone of
|
||||
this one.
|
||||
</entry>
|
||||
</row>
|
||||
@ -890,6 +890,13 @@
|
||||
<entry></entry>
|
||||
<entry>Session defaults for run-time configuration variables</entry>
|
||||
</row>
|
||||
|
||||
<row>
|
||||
<entry>datacl</entry>
|
||||
<entry><type>aclitem[]</type></entry>
|
||||
<entry></entry>
|
||||
<entry>Access permissions</entry>
|
||||
</row>
|
||||
</tbody>
|
||||
</tgroup>
|
||||
</table>
|
||||
|
@ -1,5 +1,5 @@
|
||||
<!--
|
||||
$Header: /cvsroot/pgsql/doc/src/sgml/ref/grant.sgml,v 1.21 2002/02/21 22:39:36 momjian Exp $
|
||||
$Header: /cvsroot/pgsql/doc/src/sgml/ref/grant.sgml,v 1.22 2002/04/21 00:26:42 tgl Exp $
|
||||
PostgreSQL documentation
|
||||
-->
|
||||
|
||||
@ -18,7 +18,11 @@ PostgreSQL documentation
|
||||
<synopsis>
|
||||
GRANT { { SELECT | INSERT | UPDATE | DELETE | RULE | REFERENCES | TRIGGER }
|
||||
[,...] | ALL [ PRIVILEGES ] }
|
||||
ON [ TABLE ] <replaceable class="PARAMETER">objectname</replaceable> [, ...]
|
||||
ON [ TABLE ] <replaceable class="PARAMETER">tablename</replaceable> [, ...]
|
||||
TO { <replaceable class="PARAMETER">username</replaceable> | GROUP <replaceable class="PARAMETER">groupname</replaceable> | PUBLIC } [, ...]
|
||||
|
||||
GRANT { { CREATE | TEMPORARY | TEMP } [,...] | ALL [ PRIVILEGES ] }
|
||||
ON DATABASE <replaceable>dbname</replaceable> [, ...]
|
||||
TO { <replaceable class="PARAMETER">username</replaceable> | GROUP <replaceable class="PARAMETER">groupname</replaceable> | PUBLIC } [, ...]
|
||||
|
||||
GRANT { EXECUTE | ALL [ PRIVILEGES ] }
|
||||
@ -28,6 +32,10 @@ GRANT { EXECUTE | ALL [ PRIVILEGES ] }
|
||||
GRANT { USAGE | ALL [ PRIVILEGES ] }
|
||||
ON LANGUAGE <replaceable>langname</replaceable> [, ...]
|
||||
TO { <replaceable class="PARAMETER">username</replaceable> | GROUP <replaceable class="PARAMETER">groupname</replaceable> | PUBLIC } [, ...]
|
||||
|
||||
GRANT { { CREATE | USAGE } [,...] | ALL [ PRIVILEGES ] }
|
||||
ON SCHEMA <replaceable>schemaname</replaceable> [, ...]
|
||||
TO { <replaceable class="PARAMETER">username</replaceable> | GROUP <replaceable class="PARAMETER">groupname</replaceable> | PUBLIC } [, ...]
|
||||
</synopsis>
|
||||
</refsynopsisdiv>
|
||||
|
||||
@ -36,7 +44,8 @@ GRANT { USAGE | ALL [ PRIVILEGES ] }
|
||||
|
||||
<para>
|
||||
The <command>GRANT</command> command gives specific permissions on
|
||||
an object (table, view, sequence, function, procedural language) to
|
||||
an object (table, view, sequence, database, function, procedural language,
|
||||
or schema) to
|
||||
one or more users or groups of users. These permissions are added
|
||||
to those already granted, if any.
|
||||
</para>
|
||||
@ -144,6 +153,29 @@ GRANT { USAGE | ALL [ PRIVILEGES ] }
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>CREATE</term>
|
||||
<listitem>
|
||||
<para>
|
||||
For databases, allows new schemas to be created in the database.
|
||||
</para>
|
||||
<para>
|
||||
For schemas, allows new objects to be created within the specified
|
||||
schema.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>TEMPORARY</term>
|
||||
<term>TEMP</term>
|
||||
<listitem>
|
||||
<para>
|
||||
Allows temporary tables to be created while using the database.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term>EXECUTE</term>
|
||||
<listitem>
|
||||
@ -159,10 +191,16 @@ GRANT { USAGE | ALL [ PRIVILEGES ] }
|
||||
<term>USAGE</term>
|
||||
<listitem>
|
||||
<para>
|
||||
Allows the use of the specified procedural language for the
|
||||
creation of functions in that language. This is the only type
|
||||
For procedural languages, allows the use of the specified language for
|
||||
the creation of functions in that language. This is the only type
|
||||
of privilege that is applicable to procedural languages.
|
||||
</para>
|
||||
<para>
|
||||
For schemas, allows the use of objects contained in the specified
|
||||
schema (assuming that the objects' own privilege requirements are
|
||||
met). Essentially this allows the grantee to <quote>look up</>
|
||||
objects within the schema.
|
||||
</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
@ -226,7 +264,11 @@ GRANT { USAGE | ALL [ PRIVILEGES ] }
|
||||
R -- RULE
|
||||
x -- REFERENCES
|
||||
t -- TRIGGER
|
||||
arwdRxt -- ALL PRIVILEGES
|
||||
X -- EXECUTE
|
||||
U -- USAGE
|
||||
C -- CREATE
|
||||
T -- TEMPORARY
|
||||
arwdRxt -- ALL PRIVILEGES (for tables)
|
||||
</programlisting>
|
||||
</para>
|
||||
|
||||
|
@ -1,5 +1,5 @@
|
||||
<!--
|
||||
$Header: /cvsroot/pgsql/doc/src/sgml/ref/revoke.sgml,v 1.21 2002/02/21 22:39:36 momjian Exp $
|
||||
$Header: /cvsroot/pgsql/doc/src/sgml/ref/revoke.sgml,v 1.22 2002/04/21 00:26:42 tgl Exp $
|
||||
PostgreSQL documentation
|
||||
-->
|
||||
|
||||
@ -18,7 +18,11 @@ PostgreSQL documentation
|
||||
<synopsis>
|
||||
REVOKE { { SELECT | INSERT | UPDATE | DELETE | RULE | REFERENCES | TRIGGER }
|
||||
[,...] | ALL [ PRIVILEGES ] }
|
||||
ON [ TABLE ] <replaceable class="PARAMETER">object</replaceable> [, ...]
|
||||
ON [ TABLE ] <replaceable class="PARAMETER">tablename</replaceable> [, ...]
|
||||
FROM { <replaceable class="PARAMETER">username</replaceable> | GROUP <replaceable class="PARAMETER">groupname</replaceable> | PUBLIC } [, ...]
|
||||
|
||||
REVOKE { { CREATE | TEMPORARY | TEMP } [,...] | ALL [ PRIVILEGES ] }
|
||||
ON DATABASE <replaceable>dbname</replaceable> [, ...]
|
||||
FROM { <replaceable class="PARAMETER">username</replaceable> | GROUP <replaceable class="PARAMETER">groupname</replaceable> | PUBLIC } [, ...]
|
||||
|
||||
REVOKE { EXECUTE | ALL [ PRIVILEGES ] }
|
||||
@ -28,6 +32,10 @@ REVOKE { EXECUTE | ALL [ PRIVILEGES ] }
|
||||
REVOKE { USAGE | ALL [ PRIVILEGES ] }
|
||||
ON LANGUAGE <replaceable>langname</replaceable> [, ...]
|
||||
FROM { <replaceable class="PARAMETER">username</replaceable> | GROUP <replaceable class="PARAMETER">groupname</replaceable> | PUBLIC } [, ...]
|
||||
|
||||
REVOKE { { CREATE | USAGE } [,...] | ALL [ PRIVILEGES ] }
|
||||
ON SCHEMA <replaceable>schemaname</replaceable> [, ...]
|
||||
FROM { <replaceable class="PARAMETER">username</replaceable> | GROUP <replaceable class="PARAMETER">groupname</replaceable> | PUBLIC } [, ...]
|
||||
</synopsis>
|
||||
</refsynopsisdiv>
|
||||
|
||||
|