File: ddl-priv.html

package info (click to toggle)
pgadmin3 1.4.3-2
  • links: PTS
  • area: main
  • in suites: etch, etch-m68k
  • size: 29,796 kB
  • ctags: 10,758
  • sloc: cpp: 55,356; sh: 6,164; ansic: 1,520; makefile: 576; sql: 482; xml: 100; perl: 18
file content (84 lines) | stat: -rw-r--r-- 4,619 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
 
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>5.6.Privileges</title>
<link rel="stylesheet" href="stylesheet.css" type="text/css">
<link rev="made" href="pgsql-docs@postgresql.org">
<meta name="generator" content="DocBook XSL Stylesheets V1.70.0">
<link rel="start" href="index.html" title="PostgreSQL 8.1.4 Documentation">
<link rel="up" href="ddl.html" title="Chapter5.Data Definition">
<link rel="prev" href="ddl-alter.html" title="5.5.Modifying Tables">
<link rel="next" href="ddl-schemas.html" title="5.7.Schemas">
<link rel="copyright" href="ln-legalnotice.html" title="Legal Notice">
</head>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="sect1" lang="en">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="ddl-priv"></a>5.6.Privileges</h2></div></div></div>
<a name="id576540"></a><a name="id576552"></a><p>   When you create a database object, you become its owner.  By
   default, only the owner of an object can do anything with the
   object. In order to allow other users to use it,
   <em class="firstterm">privileges</em> must be granted.  (However,
   users that have the superuser attribute can always
   access any object.)
  </p>
<p>   There are several different privileges: <code class="literal">SELECT</code>,
   <code class="literal">INSERT</code>, <code class="literal">UPDATE</code>, <code class="literal">DELETE</code>,
   <code class="literal">RULE</code>, <code class="literal">REFERENCES</code>, <code class="literal">TRIGGER</code>,
   <code class="literal">CREATE</code>, <code class="literal">TEMPORARY</code>, <code class="literal">EXECUTE</code>, and
   <code class="literal">USAGE</code>.  The privileges applicable to a particular
   object vary depending on the object's type (table, function, etc).
   For complete information on the different types of privileges
   supported by <span class="productname">PostgreSQL</span>, refer to the
   <a href="sql-grant.html">GRANT</a> reference
   page.  The following sections and chapters will also show you how
   those privileges are used.
  </p>
<p>   The right to modify or destroy an object is always the privilege of
   the owner only.
  </p>
<div class="note" style="margin-left: 0.5in; margin-right: 0.5in;">
<h3 class="title">Note</h3>
<p>    To change the owner of a table, index, sequence, or view, use the
    <a href="sql-altertable.html">ALTER TABLE</a>
    command.  There are corresponding <code class="literal">ALTER</code> commands for
    other object types.
   </p>
</div>
<p>   To assign privileges, the <code class="command">GRANT</code> command is
   used. For example, if <code class="literal">joe</code> is an existing user, and
   <code class="literal">accounts</code> is an existing table, the privilege to
   update the table can be granted with
</p>
<pre class="programlisting">GRANT UPDATE ON accounts TO joe;</pre>
<p>
   To grant a privilege to a group, use this syntax:
</p>
<pre class="programlisting">GRANT SELECT ON accounts TO GROUP staff;</pre>
<p>
   The special &#8220;<span class="quote">user</span>&#8221; name <code class="literal">PUBLIC</code> can
   be used to grant a privilege to every user on the system. Writing
   <code class="literal">ALL</code> in place of a specific privilege grants all
   privileges that are relevant for the object type.
  </p>
<p>   To revoke a privilege, use the fittingly named
   <code class="command">REVOKE</code> command:
</p>
<pre class="programlisting">REVOKE ALL ON accounts FROM PUBLIC;</pre>
<p>
   The special privileges of the object owner (i.e., the right to do
   <code class="command">DROP</code>, <code class="command">GRANT</code>, <code class="command">REVOKE</code>, etc.)
   are always implicit in being the owner,
   and cannot be granted or revoked.  But the object owner can choose
   to revoke his own ordinary privileges, for example to make a
   table read-only for himself as well as others.
  </p>
<p>   Ordinarily, only the object's owner (or a superuser) can grant or
   revoke privileges on an object.  However, it is possible to grant a
   privilege &#8220;<span class="quote">with grant option</span>&#8221;, which gives the recipient
   the right to grant it in turn to others.  If the grant option is
   subsequently revoked then all who received the privilege from that
   recipient (directly or through a chain of grants) will lose the
   privilege.  For details see the <a href="sql-grant.html">GRANT</a> and <a href="sql-revoke.html">REVOKE</a> reference pages.
  </p>
</div></body>
</html>