database/postgres
database/postgres
1
0
Fork 0
mirror of https://github.com/postgres/postgres.git synced 2025-04-24 10:47:04 +03:00
Code
postgres/doc/src/sgml/ref/revoke.sgml
Thomas G. Lockhart 1ac838edba Minor updates for release. 
Split reference pages for CREATE TABLE AS and SELECT INTO to allow psgml
 (the emacs parser) to handle parsing.
1999-06-14 07:37:05 +00:00

410 lines
8.9 KiB
Plaintext
Raw Blame History

<refentry id="SQL-REVOKE">
<refmeta>
<refentrytitle>
REVOKE
</refentrytitle>
<refmiscinfo>SQL - Language Statements</refmiscinfo>
</refmeta>
<refnamediv>
<refname>
REVOKE
</refname>
<refpurpose>
Revokes access privilege from a user, a group or all users.
</refpurpose>
</refnamediv>
<refsynopsisdiv>
<refsynopsisdivinfo>
<date>1998-09-24</date>
</refsynopsisdivinfo>
<synopsis>
REVOKE <replaceable class="PARAMETER">privilege</replaceable> [, ...]
ON <replaceable class="PARAMETER">object</replaceable> [, ...]
FROM { PUBLIC | GROUP <replaceable class="PARAMETER">ER">g</replaceable>BLE> | <replaceable class="PARAMETER">username</replaceable> }
</synopsis>
<refsect2 id="R2-SQL-REVOKE-1">
<refsect2info>
<date>1998-09-24</date>
</refsect2info>
<title>
Inputs
</title>
<para>
<variablelist>
<varlistentry>
<term>
<replaceable class="PARAMETER">privilege</replaceable>
</term>
<listitem>
<para>
The possible privileges are:
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
SELECT
</term>
<listitem>
<para>
Privilege to access all of the columns of a specific
table/view.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
INSERT
</term>
<listitem>
<para>
Privilege to insert data into all columns of a
specific table.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
UPDATE
</term>
<listitem>
<para>
Privilege to update all columns of a specific
table.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
DELETE
</term>
<listitem>
<para>
Privilege to delete rows from a specific table.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
RULE
</term>
<listitem>
<para>
Privilege to define rules on table/view.
(See <command>CREATE RULE</command>).
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
ALL
</term>
<listitem>
<para>
Rescind all privileges.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<replaceable class="PARAMETER">object</replaceable>
</term>
<listitem>
<para>
The name of an object from which to revoke access.
The possible objects are:
<itemizedlist spacing="compact" mark="bullet">
<listitem>
<para>
table
</para>
</listitem>
<listitem>
<para>
view
</para>
</listitem>
<listitem>
<para>
sequence
</para>
</listitem>
<listitem>
<para>
index
</para>
</listitem>
</itemizedlist>
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<replaceable class="PARAMETER">group</replaceable>
</term>
<listitem>
<para>
The name of a group from whom to revoke privileges.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<replaceable class="PARAMETER">username</replaceable>
</term>
<listitem>
<para>
The name of a user from whom revoke privileges. Use the PUBLIC keyword
to specify all users.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
PUBLIC
</term>
<listitem>
<para>
Rescind the specified privilege(s) for all users.
</para>
</listitem>
</varlistentry>
</variablelist>
</para>
</refsect2>
<refsect2 id="R2-SQL-REVOKE-2">
<refsect2info>
<date>1998-09-24</date>
</refsect2info>
<title>
Outputs
</title>
<para>
<variablelist>
<varlistentry>
<term>
CHANGE
</term>
<listitem>
<para>
Message returned if successfully.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
ERROR
</term>
<listitem>
<para>
Message returned if object is not available or impossible
to revoke privileges from a group or users.
</para>
</listitem>
</varlistentry>
</variablelist>
</para>
</refsect2>
</refsynopsisdiv>
<refsect1 id="R1-SQL-REVOKE-1">
<refsect1info>
<date>1998-09-24</date>
</refsect1info>
<title>
Description
</title>
<para>
REVOKE allows creator of an object to revoke permissions granted
before, from all users (via PUBLIC) or a certain user or group.
</para>
<refsect2 id="R2-SQL-REVOKE-3">
<refsect2info>
<date>1998-09-24</date>
</refsect2info>
<title>
Notes
</title>
<para>
Refer to psql \z command for further information about permissions
on existing objects:
<programlisting>
Database = lusitania
+------------------+---------------------------------------------+
| Relation | Grant/Revoke Permissions |
+------------------+---------------------------------------------+
| mytable | {"=rw","miriam=arwR","group todos=rw"} |
+------------------+---------------------------------------------+
Legend:
uname=arwR -- privileges granted to a user
group gname=arwR -- privileges granted to a GROUP
=arwR -- privileges granted to PUBLIC
r -- SELECT
w -- UPDATE/DELETE
a -- INSERT
R -- RULE
arwR -- ALL
</programlisting>
</para>
<tip>
<para>
Currently, to create a GROUP you have to insert
data manually into table pg_group as:
<programlisting>
INSERT INTO pg_group VALUES ('todos');
CREATE USER miriam IN GROUP todos;
</programlisting>
</para>
</tip>
</refsect2>
</refsect1>
<refsect1 id="R1-SQL-REVOKE-2">
<title>
Usage
</title>
<para>
<programlisting>
-- revoke insert privilege from all users on table films:
--
REVOKE INSERT ON films FROM PUBLIC;
</programlisting>
<programlisting>
-- revoke all privileges from user manuel on view kinds:
--
REVOKE ALL ON kinds FROM manuel;
</programlisting>
</para>
</refsect1>
<refsect1 id="R1-SQL-REVOKE-3">
<title>
Compatibility
</title>
<refsect2 id="R2-SQL-REVOKE-4">
<refsect2info>
<date>1998-09-01</date>
</refsect2info>
<title>
SQL92
</title>
<para>
The SQL92 syntax for <command>REVOKE</command>
has additional capabilities for rescinding
privileges, including those on individual columns in tables:
<variablelist>
<varlistentry>
<term>
<synopsis>
REVOKE { SELECT | DELETE | USAGE | ALL PRIVILEGES } [, ...]
ON <replaceable class="parameter">object</replaceable>
FROM { PUBLIC | <replaceable class="parameter">username</replaceable> [, ...] } { RESTRICT | CASCADE }
REVOKE { INSERT | UPDATE | REFERENCES } [, ...] [ ( <replaceable class="parameter">column</replaceable> [, ...] ) ]
ON <replaceable class="parameter">object</replaceable>
FROM { PUBLIC | <replaceable class="parameter">username</replaceable> [, ...] } { RESTRICT | CASCADE }
</synopsis>
</term>
<listitem>
<para>
Refer to <command>GRANT</command> for details on individual fields.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<synopsis>
REVOKE GRANT OPTION FOR <replaceable class="parameter">privilege</replaceable> [, ...]
ON <replaceable class="parameter">object</replaceable>
FROM { PUBLIC | <replaceable class="parameter">username</replaceable> [, ...] } { RESTRICT | CASCADE }
</synopsis>
</term>
<listitem>
<para>
Rescinds authority for a user to grant the specified privilege
to others.
Refer to the <command>GRANT</command> command for details
on individual fields.
</para>
</listitem>
</varlistentry>
</variablelist>
</para>
<para>
The possible objects are:
<simplelist>
<member>
[ TABLE ] table/view
</member>
<member>
CHARACTER SET character-set
</member>
<member>
COLLATION collation
</member>
<member>
TRANSLATION translation
</member>
<member>
DOMAIN domain
</member>
</simplelist>
</para>
<para>
If user1 gives a privilege WITH GRANT OPTION to user2,
and user2 gives it to user3 then user1 can revoke
this privilege in cascade using the CASCADE keyword.
</para>
<para>
If user1 gives a privilege WITH GRANT OPTION to user2,
and user2 gives it to user3 then if user1 try revoke
this privilege it fails if he/she specify the RESTRICT
keyword.
</para>
</refsect2>
</refsect1>
</refentry>
<!-- Keep this comment at the end of the file
Local variables:
mode: sgml
sgml-omittag:nil
sgml-shorttag:t
sgml-minimize-attributes:nil
sgml-always-quote-attributes:t
sgml-indent-step:1
sgml-indent-data:t
sgml-parent-document:nil
sgml-default-dtd-file:"../reference.ced"
sgml-exposed-tags:nil
sgml-local-catalogs:"/usr/lib/sgml/catalog"
sgml-local-ecat-files:nil
End:
-->
View Git Blame Copy Permalink