mirror of
https://github.com/postgres/postgres.git
synced 2025-07-28 23:42:10 +03:00
Doc: fix old oversights in GRANT/REVOKE documentation.
The GRANTED BY clause in GRANT/REVOKE ROLE has been there since 2005 but was never documented. I'm not sure now whether that was just an oversight or was intentional (given the limited capability of the option). But seeing that pg_dumpall does emit code that uses this option, it seems like not documenting it at all is a bad idea. Also, when we upgraded the syntax to allow CURRENT_USER/SESSION_USER as the privilege recipient, the role form of GRANT was incorrectly not modified to show that, and REVOKE's docs weren't touched at all. Although I'm not that excited about GRANTED BY, the other oversight seems serious enough to justify a back-patch. Discussion: https://postgr.es/m/3070.1581526786@sss.pgh.pa.us
This commit is contained in:
Tom Lane
@ -26,14 +26,14 @@ REVOKE [ GRANT OPTION FOR ]
|
||||
[, ...] | ALL [ PRIVILEGES ] }
|
||||
ON { [ TABLE ] <replaceable class="parameter">table_name</replaceable> [, ...]
|
||||
| ALL TABLES IN SCHEMA <replaceable>schema_name</replaceable> [, ...] }
|
||||
FROM { [ GROUP ] <replaceable class="parameter">role_name</replaceable> | PUBLIC } [, ...]
|
||||
FROM <replaceable class="parameter">role_specification</replaceable> [, ...]
|
||||
[ CASCADE | RESTRICT ]
|
||||
|
||||
REVOKE [ GRANT OPTION FOR ]
|
||||
{ { SELECT | INSERT | UPDATE | REFERENCES } ( <replaceable class="parameter">column_name</replaceable> [, ...] )
|
||||
[, ...] | ALL [ PRIVILEGES ] ( <replaceable class="parameter">column_name</replaceable> [, ...] ) }
|
||||
ON [ TABLE ] <replaceable class="parameter">table_name</replaceable> [, ...]
|
||||
FROM { [ GROUP ] <replaceable class="parameter">role_name</replaceable> | PUBLIC } [, ...]
|
||||
FROM <replaceable class="parameter">role_specification</replaceable> [, ...]
|
||||
[ CASCADE | RESTRICT ]
|
||||
|
||||
REVOKE [ GRANT OPTION FOR ]
|
||||
@ -41,73 +41,81 @@ REVOKE [ GRANT OPTION FOR ]
|
||||
[, ...] | ALL [ PRIVILEGES ] }
|
||||
ON { SEQUENCE <replaceable class="parameter">sequence_name</replaceable> [, ...]
|
||||
| ALL SEQUENCES IN SCHEMA <replaceable>schema_name</replaceable> [, ...] }
|
||||
FROM { [ GROUP ] <replaceable class="parameter">role_name</replaceable> | PUBLIC } [, ...]
|
||||
FROM <replaceable class="parameter">role_specification</replaceable> [, ...]
|
||||
[ CASCADE | RESTRICT ]
|
||||
|
||||
REVOKE [ GRANT OPTION FOR ]
|
||||
{ { CREATE | CONNECT | TEMPORARY | TEMP } [, ...] | ALL [ PRIVILEGES ] }
|
||||
ON DATABASE <replaceable>database_name</replaceable> [, ...]
|
||||
FROM { [ GROUP ] <replaceable class="parameter">role_name</replaceable> | PUBLIC } [, ...]
|
||||
FROM <replaceable class="parameter">role_specification</replaceable> [, ...]
|
||||
[ CASCADE | RESTRICT ]
|
||||
|
||||
REVOKE [ GRANT OPTION FOR ]
|
||||
{ USAGE | ALL [ PRIVILEGES ] }
|
||||
ON DOMAIN <replaceable>domain_name</replaceable> [, ...]
|
||||
FROM { [ GROUP ] <replaceable class="parameter">role_name</replaceable> | PUBLIC } [, ...]
|
||||
FROM <replaceable class="parameter">role_specification</replaceable> [, ...]
|
||||
[ CASCADE | RESTRICT ]
|
||||
|
||||
REVOKE [ GRANT OPTION FOR ]
|
||||
{ USAGE | ALL [ PRIVILEGES ] }
|
||||
ON FOREIGN DATA WRAPPER <replaceable>fdw_name</replaceable> [, ...]
|
||||
FROM { [ GROUP ] <replaceable class="parameter">role_name</replaceable> | PUBLIC } [, ...]
|
||||
FROM <replaceable class="parameter">role_specification</replaceable> [, ...]
|
||||
[ CASCADE | RESTRICT ]
|
||||
|
||||
REVOKE [ GRANT OPTION FOR ]
|
||||
{ USAGE | ALL [ PRIVILEGES ] }
|
||||
ON FOREIGN SERVER <replaceable>server_name</replaceable> [, ...]
|
||||
FROM { [ GROUP ] <replaceable class="parameter">role_name</replaceable> | PUBLIC } [, ...]
|
||||
FROM <replaceable class="parameter">role_specification</replaceable> [, ...]
|
||||
[ CASCADE | RESTRICT ]
|
||||
|
||||
REVOKE [ GRANT OPTION FOR ]
|
||||
{ EXECUTE | ALL [ PRIVILEGES ] }
|
||||
ON { { FUNCTION | PROCEDURE | ROUTINE } <replaceable>function_name</replaceable> [ ( [ [ <replaceable class="parameter">argmode</replaceable> ] [ <replaceable class="parameter">arg_name</replaceable> ] <replaceable class="parameter">arg_type</replaceable> [, ...] ] ) ] [, ...]
|
||||
| ALL { FUNCTIONS | PROCEDURES | ROUTINES } IN SCHEMA <replaceable>schema_name</replaceable> [, ...] }
|
||||
FROM { [ GROUP ] <replaceable class="parameter">role_name</replaceable> | PUBLIC } [, ...]
|
||||
FROM <replaceable class="parameter">role_specification</replaceable> [, ...]
|
||||
[ CASCADE | RESTRICT ]
|
||||
|
||||
REVOKE [ GRANT OPTION FOR ]
|
||||
{ USAGE | ALL [ PRIVILEGES ] }
|
||||
ON LANGUAGE <replaceable>lang_name</replaceable> [, ...]
|
||||
FROM { [ GROUP ] <replaceable class="parameter">role_name</replaceable> | PUBLIC } [, ...]
|
||||
FROM <replaceable class="parameter">role_specification</replaceable> [, ...]
|
||||
[ CASCADE | RESTRICT ]
|
||||
|
||||
REVOKE [ GRANT OPTION FOR ]
|
||||
{ { SELECT | UPDATE } [, ...] | ALL [ PRIVILEGES ] }
|
||||
ON LARGE OBJECT <replaceable class="parameter">loid</replaceable> [, ...]
|
||||
FROM { [ GROUP ] <replaceable class="parameter">role_name</replaceable> | PUBLIC } [, ...]
|
||||
FROM <replaceable class="parameter">role_specification</replaceable> [, ...]
|
||||
[ CASCADE | RESTRICT ]
|
||||
|
||||
REVOKE [ GRANT OPTION FOR ]
|
||||
{ { CREATE | USAGE } [, ...] | ALL [ PRIVILEGES ] }
|
||||
ON SCHEMA <replaceable>schema_name</replaceable> [, ...]
|
||||
FROM { [ GROUP ] <replaceable class="parameter">role_name</replaceable> | PUBLIC } [, ...]
|
||||
FROM <replaceable class="parameter">role_specification</replaceable> [, ...]
|
||||
[ CASCADE | RESTRICT ]
|
||||
|
||||
REVOKE [ GRANT OPTION FOR ]
|
||||
{ CREATE | ALL [ PRIVILEGES ] }
|
||||
ON TABLESPACE <replaceable>tablespace_name</replaceable> [, ...]
|
||||
FROM { [ GROUP ] <replaceable class="parameter">role_name</replaceable> | PUBLIC } [, ...]
|
||||
FROM <replaceable class="parameter">role_specification</replaceable> [, ...]
|
||||
[ CASCADE | RESTRICT ]
|
||||
|
||||
REVOKE [ GRANT OPTION FOR ]
|
||||
{ USAGE | ALL [ PRIVILEGES ] }
|
||||
ON TYPE <replaceable>type_name</replaceable> [, ...]
|
||||
FROM { [ GROUP ] <replaceable class="parameter">role_name</replaceable> | PUBLIC } [, ...]
|
||||
FROM <replaceable class="parameter">role_specification</replaceable> [, ...]
|
||||
[ CASCADE | RESTRICT ]
|
||||
|
||||
REVOKE [ ADMIN OPTION FOR ]
|
||||
<replaceable class="parameter">role_name</replaceable> [, ...] FROM <replaceable class="parameter">role_name</replaceable> [, ...]
|
||||
<replaceable class="parameter">role_name</replaceable> [, ...] FROM <replaceable class="parameter">role_specification</replaceable> [, ...]
|
||||
[ GRANTED BY <replaceable class="parameter">role_specification</replaceable> ]
|
||||
[ CASCADE | RESTRICT ]
|
||||
|
||||
<phrase>where <replaceable class="parameter">role_specification</replaceable> can be:</phrase>
|
||||
|
||||
[ GROUP ] <replaceable class="parameter">role_name</replaceable>
|
||||
| PUBLIC
|
||||
| CURRENT_USER
|
||||
| SESSION_USER
|
||||
</synopsis>
|
||||
</refsynopsisdiv>
|
||||
|
||||
@ -169,8 +177,12 @@ REVOKE [ ADMIN OPTION FOR ]
|
||||
<para>
|
||||
When revoking membership in a role, <literal>GRANT OPTION</literal> is instead
|
||||
called <literal>ADMIN OPTION</literal>, but the behavior is similar.
|
||||
This form of the command also allows a <literal>GRANTED BY</literal>
|
||||
option, but that option is currently ignored (except for checking
|
||||
the existence of the named role).
|
||||
Note also that this form of the command does not
|
||||
allow the noise word <literal>GROUP</literal>.
|
||||
allow the noise word <literal>GROUP</literal>
|
||||
in <replaceable class="parameter">role_specification</replaceable>.
|
||||
</para>
|
||||
</refsect1>
|
||||
|
||||
|
||||
Reference in New Issue
Block a user