rdelaage/postgresql
1
0
Fork 0
mirror of https://git.postgresql.org/git/postgresql.git synced 2024-07-23 17:49:38 +02:00
Code Issues Packages Projects Releases Wiki Activity
5e84d58e70
postgresql/doc/src/sgml/ref/revoke.sgml

385 lines
8.4 KiB
Plaintext
Raw Normal View History

Add new files from Oliver and Thomas.
1998-09-01 17:53:09 +02:00
<REFENTRY ID="SQL-REVOKE">
<REFMETA>
<REFENTRYTITLE>
REVOKE
</REFENTRYTITLE>
<REFMISCINFO>SQL - Language Statements</REFMISCINFO>
</REFMETA>
<REFNAMEDIV>
<REFNAME>
REVOKE
</REFNAME>
<REFPURPOSE>
Revokes access privilege from a user, a group or all users.
</REFPURPOSE>
Clean up to ensure tag completion as required by the newest versions of Norm's Modular Style Sheets and jade/docbook. From Vince Vielhaber <vev@michvhf.com>.
1998-12-29 03:24:47 +01:00
</refnamediv>
Add new files from Oliver and Thomas.
1998-09-01 17:53:09 +02:00
<REFSYNOPSISDIV>
<REFSYNOPSISDIVINFO>
Cleanup markup and minor editing to prepare for first release.
1998-09-25 15:42:46 +02:00
<DATE>1998-09-24</DATE>
Add new files from Oliver and Thomas.
1998-09-01 17:53:09 +02:00
</REFSYNOPSISDIVINFO>
<SYNOPSIS>
<REPLACEABLE CLASS="PARAMETER">
</REPLACEABLE>
REVOKE <REPLACEABLE CLASS="PARAMETER">privilege</REPLACEABLE> [, ...]
ON <REPLACEABLE CLASS="PARAMETER">object</REPLACEABLE> [, ...]
FROM { PUBLIC | GROUP <REPLACEABLE CLASS="PARAMETER">group</REPLACEABLE> | <REPLACEABLE CLASS="PARAMETER">username</REPLACEABLE> }
</SYNOPSIS>
Clean up to ensure tag completion as required by the newest versions of Norm's Modular Style Sheets and jade/docbook. From Vince Vielhaber <vev@michvhf.com>.
1998-12-29 03:24:47 +01:00
<REFSECT2 ID="R2-SQL-REVOKE-1">
<REFSECT2INFO>
<DATE>1998-09-24</DATE>
</REFSECT2INFO>
<TITLE>
Inputs
</TITLE>
<PARA>
<VARIABLELIST>
<VARLISTENTRY>
<TERM>
<REPLACEABLE CLASS="PARAMETER">privilege</REPLACEABLE>
</TERM>
<LISTITEM>
<PARA>
The possible privileges are:
</para>
</listitem>
</varlistentry>
<VARLISTENTRY>
<TERM>
SELECT
</TERM>
<LISTITEM>
<PARA>
Privilege to access all of the columns of a specific
table/view.
</PARA>
</LISTITEM>
</VARLISTENTRY>
<VARLISTENTRY>
<TERM>
INSERT
</TERM>
<LISTITEM>
<PARA>
Privilege to insert data into all columns of a
specific table.
</para>
</listitem>
</varlistentry>
<VARLISTENTRY>
<TERM>
UPDATE
</TERM>
<LISTITEM>
<PARA>
Privilege to update all columns of a specific
table.
</para>
</listitem>
</varlistentry>
<VARLISTENTRY>
<TERM>
DELETE
</TERM>
<LISTITEM>
<PARA>
Privilege to delete rows from a specific table.
</para>
</listitem>
</varlistentry>
<VARLISTENTRY>
<TERM>
RULE
</TERM>
<LISTITEM>
<PARA>
Privilege to define rules on table/view.
(See <command>CREATE RULE</command>).
</para>
</listitem>
</varlistentry>
<VARLISTENTRY>
<TERM>
ALL
</TERM>
<LISTITEM>
<PARA>
Rescind all privileges.
</para>
</listitem>
</varlistentry>
<VARLISTENTRY>
<TERM>
<REPLACEABLE CLASS="PARAMETER">object</REPLACEABLE>
</TERM>
<LISTITEM>
<PARA>
The name of an object from which to revoke access.
The possible objects are:
<itemizedlist mark="bullet" spacing="compact">
<listitem>
<para>
table
</para>
</listitem>
<listitem>
<para>
view
</para>
</listitem>
<listitem>
<para>
sequence
</para>
</listitem>
<listitem>
<para>
index
</para>
</listitem>
</itemizedlist>
</para>
</listitem>
</varlistentry>
<VARLISTENTRY>
<TERM>
<REPLACEABLE CLASS="PARAMETER">group</REPLACEABLE>
</TERM>
<LISTITEM>
<PARA>
The name of a group from whom to revoke privileges.
</PARA>
</LISTITEM>
</VARLISTENTRY>
<VARLISTENTRY>
<TERM>
<REPLACEABLE CLASS="PARAMETER">username</REPLACEABLE>
</TERM>
<LISTITEM>
<PARA>
The name of a user from whom revoke privileges. Use the PUBLIC keyword
to specify all users.
</PARA>
</LISTITEM>
</VARLISTENTRY>
<VARLISTENTRY>
<TERM>
PUBLIC
</TERM>
<LISTITEM>
<PARA>
Rescind the specified privilege(s) for all users.
</para>
</LISTITEM>
</VARLISTENTRY>
</VARIABLELIST>
</para>
</REFSECT2>
<REFSECT2 ID="R2-SQL-REVOKE-2">
<REFSECT2INFO>
<DATE>1998-09-24</DATE>
</REFSECT2INFO>
<TITLE>
Outputs
</TITLE>
<PARA>
<VARIABLELIST>
<VARLISTENTRY>
<TERM>
CHANGE
</TERM>
<LISTITEM>
<PARA>
Message returned if successfully.
</para>
</listitem>
</varlistentry>
<VARLISTENTRY>
<TERM>
ERROR
</TERM>
<LISTITEM>
<PARA>
Message returned if object is not available or impossible
to revoke privileges from a group or users.
</para>
</listitem>
</varlistentry>
</VARIABLELIST>
</para>
</REFSECT2>
</REFSYNOPSISDIV>
<REFSECT1 ID="R1-SQL-REVOKE-1">
<REFSECT1INFO>
<DATE>1998-09-24</DATE>
</REFSECT1INFO>
<TITLE>
Description
</TITLE>
<PARA>
REVOKE allows creator of an object to revoke permissions granted
before, from all users (via PUBLIC) or a certain user or group.
</para>
<REFSECT2 ID="R2-SQL-REVOKE-3">
<REFSECT2INFO>
<DATE>1998-09-24</DATE>
</REFSECT2INFO>
<TITLE>
Notes
</TITLE>
<PARA>
Refer to psql \z command for further information about permissions
on existing objects:
<programlisting>
Database = lusitania
+------------------+---------------------------------------------+
| Relation | Grant/Revoke Permissions |
+------------------+---------------------------------------------+
| mytable | {"=rw","miriam=arwR","group todos=rw"} |
+------------------+---------------------------------------------+
Legend:
uname=arwR -- privileges granted to a user
group gname=arwR -- privileges granted to a GROUP
=arwR -- privileges granted to PUBLIC
r -- SELECT
w -- UPDATE/DELETE
a -- INSERT
R -- RULE
arwR -- ALL
</programlisting>
</para>
<tip>
<para>
Currently, to create a GROUP you have to insert
Add new files from Oliver and Thomas.
1998-09-01 17:53:09 +02:00
data manually into table pg_group as:
Clean up to ensure tag completion as required by the newest versions of Norm's Modular Style Sheets and jade/docbook. From Vince Vielhaber <vev@michvhf.com>.
1998-12-29 03:24:47 +01:00
<programlisting>
INSERT INTO pg_group VALUES ('todos');
CREATE USER miriam IN GROUP todos;
</programlisting>
</para>
</tip>
</REFSECT2>
</refsect1>
<REFSECT1 ID="R1-SQL-REVOKE-2">
<TITLE>
Usage
</TITLE>
<PARA>
<ProgramListing>
-- revoke insert privilege from all users on table films:
--
REVOKE INSERT ON films FROM PUBLIC;
-- revoke all privileges from user manuel on view kinds:
--
REVOKE ALL ON kinds FROM manuel;
</ProgramListing>
</para>
</REFSECT1>
<REFSECT1 ID="R1-SQL-REVOKE-3">
<TITLE>
Compatibility
</TITLE>
<REFSECT2 ID="R2-SQL-REVOKE-4">
<REFSECT2INFO>
<DATE>1998-09-01</DATE>
</REFSECT2INFO>
<TITLE>
SQL92
</TITLE>
<PARA>
The SQL92 syntax for <command>REVOKE</command>
has additional capabilities for rescinding
privileges, including those on individual columns in tables:
<variablelist>
<varlistentry>
<term>
<synopsis>
REVOKE { SELECT | DELETE | USAGE | ALL PRIVILEGES } [, ...]
ON <replaceable class="parameter">object</replaceable>
FROM { PUBLIC | <replaceable class="parameter">username</replaceable> [, ...] } { RESTRICT | CASCADE }
REVOKE { INSERT | UPDATE | REFERENCES } [, ...] [ ( <replaceable class="parameter">column</replaceable> [, ...] ) ]
ON <replaceable class="parameter">object</replaceable>
FROM { PUBLIC | <replaceable class="parameter">username</replaceable> [, ...] } { RESTRICT | CASCADE }
</synopsis>
</term>
<listitem>
<para>
Refer to the <command>GRANT</command> command for details on individual fields.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<synopsis>
REVOKE GRANT OPTION FOR <replaceable class="parameter">privilege</replaceable> [, ...]
ON <replaceable class="parameter">object</replaceable>
FROM { PUBLIC | <replaceable class="parameter">username</replaceable> [, ...] } { RESTRICT | CASCADE }
</synopsis>
</term>
<listitem>
<para>
Rescinds authority for a user to grant the specified privilege to others.
Refer to the <command>GRANT</command> command for details on individual fields.
</para>
</listitem>
</varlistentry>
</variablelist>
</para>
<para>
The possible objects are:
<simplelist>
<member> [ TABLE ] table/view
</member>
<member> CHARACTER SET character-set
</member>
<member> COLLATION collation
</member>
<member> TRANSLATION translation
</member>
<member> DOMAIN domain
</member>
</simplelist>
</para>
<para>
If user1 gives a privilege WITH GRANT OPTION to user2,
and user2 gives it to user3 then user1 can revoke
this privilege in cascade using the CASCADE keyword.
</para>
<para>
If user1 gives a privilege WITH GRANT OPTION to user2,
and user2 gives it to user3 then if user1 try revoke
this privilege it fails if he/she specify the RESTRICT
keyword.
</para>
</refsect2>
</refsect1>
Add new files from Oliver and Thomas.
1998-09-01 17:53:09 +02:00
</REFENTRY>
Reference in New Issue Copy Permalink