mirror of
https://github.com/postgres/postgres.git
synced 2025-04-25 21:42:33 +03:00
b0bcf8aab2
different privilege bits (might as well make use of the space we were wasting on padding). EXECUTE and USAGE bits for procedures, languages now are separate privileges instead of being overlaid on SELECT. Add privileges for namespaces and databases. The GRANT and REVOKE commands work for these object types, but we don't actually enforce the privileges yet...
155 lines
5.0 KiB
Plaintext
155 lines
5.0 KiB
Plaintext
<!--
|
|
$Header: /cvsroot/pgsql/doc/src/sgml/ref/revoke.sgml,v 1.22 2002/04/21 00:26:42 tgl Exp $
|
|
PostgreSQL documentation
|
|
-->
|
|
|
|
<refentry id="SQL-REVOKE">
|
|
<refmeta>
|
|
<refentrytitle id="sql-revoke-title">REVOKE</refentrytitle>
|
|
<refmiscinfo>SQL - Language Statements</refmiscinfo>
|
|
</refmeta>
|
|
|
|
<refnamediv>
|
|
<refname>REVOKE</refname>
|
|
<refpurpose>remove access privileges</refpurpose>
|
|
</refnamediv>
|
|
|
|
<refsynopsisdiv>
|
|
<synopsis>
|
|
REVOKE { { SELECT | INSERT | UPDATE | DELETE | RULE | REFERENCES | TRIGGER }
|
|
[,...] | ALL [ PRIVILEGES ] }
|
|
ON [ TABLE ] <replaceable class="PARAMETER">tablename</replaceable> [, ...]
|
|
FROM { <replaceable class="PARAMETER">username</replaceable> | GROUP <replaceable class="PARAMETER">groupname</replaceable> | PUBLIC } [, ...]
|
|
|
|
REVOKE { { CREATE | TEMPORARY | TEMP } [,...] | ALL [ PRIVILEGES ] }
|
|
ON DATABASE <replaceable>dbname</replaceable> [, ...]
|
|
FROM { <replaceable class="PARAMETER">username</replaceable> | GROUP <replaceable class="PARAMETER">groupname</replaceable> | PUBLIC } [, ...]
|
|
|
|
REVOKE { EXECUTE | ALL [ PRIVILEGES ] }
|
|
ON FUNCTION <replaceable>funcname</replaceable> ([<replaceable>type</replaceable>, ...]) [, ...]
|
|
FROM { <replaceable class="PARAMETER">username</replaceable> | GROUP <replaceable class="PARAMETER">groupname</replaceable> | PUBLIC } [, ...]
|
|
|
|
REVOKE { USAGE | ALL [ PRIVILEGES ] }
|
|
ON LANGUAGE <replaceable>langname</replaceable> [, ...]
|
|
FROM { <replaceable class="PARAMETER">username</replaceable> | GROUP <replaceable class="PARAMETER">groupname</replaceable> | PUBLIC } [, ...]
|
|
|
|
REVOKE { { CREATE | USAGE } [,...] | ALL [ PRIVILEGES ] }
|
|
ON SCHEMA <replaceable>schemaname</replaceable> [, ...]
|
|
FROM { <replaceable class="PARAMETER">username</replaceable> | GROUP <replaceable class="PARAMETER">groupname</replaceable> | PUBLIC } [, ...]
|
|
</synopsis>
|
|
</refsynopsisdiv>
|
|
|
|
<refsect1 id="SQL-REVOKE-description">
|
|
<title>Description</title>
|
|
|
|
<para>
|
|
<command>REVOKE</command> allows the creator of an object to revoke
|
|
previously granted permissions from one or more users or groups of users.
|
|
The key word <literal>PUBLIC</literal> refers to the implicitly defined
|
|
group of all users.
|
|
</para>
|
|
|
|
<para>
|
|
Note that any particular user will have the sum
|
|
of privileges granted directly to him, privileges granted to any group he
|
|
is presently a member of, and privileges granted to
|
|
<literal>PUBLIC</literal>. Thus, for example, revoking SELECT privilege
|
|
from <literal>PUBLIC</literal> does not necessarily mean that all users
|
|
have lost SELECT privilege on the object: those who have it granted
|
|
directly or via a group will still have it.
|
|
</para>
|
|
|
|
<para>
|
|
See the description of the <xref linkend="sql-grant" endterm="sql-grant-title"> command for
|
|
the meaning of the privilege types.
|
|
</para>
|
|
</refsect1>
|
|
|
|
<refsect1 id="SQL-REVOKE-notes">
|
|
<title>Notes</title>
|
|
|
|
<para>
|
|
Use <xref linkend="app-psql">'s <command>\z</command> command to
|
|
display the privileges granted on existing objects. See also <xref
|
|
linkend="sql-grant"> for information about the format.
|
|
</para>
|
|
</refsect1>
|
|
|
|
<refsect1 id="SQL-REVOKE-examples">
|
|
<title>Examples</title>
|
|
|
|
<para>
|
|
Revoke insert privilege for the public on table
|
|
<literal>films</literal>:
|
|
|
|
<programlisting>
|
|
REVOKE INSERT ON films FROM PUBLIC;
|
|
</programlisting>
|
|
</para>
|
|
|
|
<para>
|
|
Revoke all privileges from user <literal>manuel</literal> on view <literal>kinds</literal>:
|
|
|
|
<programlisting>
|
|
REVOKE ALL PRIVILEGES ON kinds FROM manuel;
|
|
</programlisting>
|
|
</para>
|
|
</refsect1>
|
|
|
|
<refsect1 id="SQL-REVOKE-compatibility">
|
|
<title>Compatibility</title>
|
|
|
|
<refsect2>
|
|
<title>SQL92</title>
|
|
|
|
<para>
|
|
The compatibility notes of the <xref linkend="sql-grant" endterm="sql-grant-title"> command
|
|
apply analogously to <command>REVOKE</command>. The syntax summary is:
|
|
|
|
<synopsis>
|
|
REVOKE [ GRANT OPTION FOR ] { SELECT | INSERT | UPDATE | DELETE | REFERENCES }
|
|
ON <replaceable class="parameter">object</replaceable> [ ( <replaceable class="parameter">column</replaceable> [, ...] ) ]
|
|
FROM { PUBLIC | <replaceable class="parameter">username</replaceable> [, ...] }
|
|
{ RESTRICT | CASCADE }
|
|
</synopsis>
|
|
</para>
|
|
|
|
<para>
|
|
If user1 gives a privilege WITH GRANT OPTION to user2,
|
|
and user2 gives it to user3 then user1 can revoke
|
|
this privilege in cascade using the CASCADE keyword.
|
|
If user1 gives a privilege WITH GRANT OPTION to user2,
|
|
and user2 gives it to user3, then if user1 tries to revoke
|
|
this privilege it fails if he specifies the RESTRICT
|
|
keyword.
|
|
</para>
|
|
</refsect2>
|
|
</refsect1>
|
|
|
|
<refsect1>
|
|
<title>See Also</title>
|
|
|
|
<simpara>
|
|
<xref linkend="sql-grant">
|
|
</simpara>
|
|
</refsect1>
|
|
|
|
</refentry>
|
|
|
|
<!-- Keep this comment at the end of the file
|
|
Local variables:
|
|
mode: sgml
|
|
sgml-omittag:nil
|
|
sgml-shorttag:t
|
|
sgml-minimize-attributes:nil
|
|
sgml-always-quote-attributes:t
|
|
sgml-indent-step:1
|
|
sgml-indent-data:t
|
|
sgml-parent-document:nil
|
|
sgml-default-dtd-file:"../reference.ced"
|
|
sgml-exposed-tags:nil
|
|
sgml-local-catalogs:"/usr/lib/sgml/catalog"
|
|
sgml-local-ecat-files:nil
|
|
End:
|
|
-->
|