Diffstat (limited to 'doc/src/sgml/ref/revoke.sgml')
-rw-r--r-- | doc/src/sgml/ref/revoke.sgml | 767 |
1 files changed, 396 insertions, 371 deletions
diff --git a/doc/src/sgml/ref/revoke.sgml b/doc/src/sgml/ref/revoke.sgml index 5fc793ea1da..ad6184cca79 100644 --- a/doc/src/sgml/ref/revoke.sgml +++ b/doc/src/sgml/ref/revoke.sgml 
@@ -1,384 +1,409 @@ -<REFENTRY ID="SQL-REVOKE"> -<REFMETA> -<REFENTRYTITLE> -REVOKE -</REFENTRYTITLE> -<REFMISCINFO>SQL - Language Statements</REFMISCINFO> -</REFMETA> -<REFNAMEDIV> -<REFNAME> -REVOKE -</REFNAME> -<REFPURPOSE> -Revokes access privilege from a user, a group or all users. -</REFPURPOSE> - </refnamediv> -<REFSYNOPSISDIV> -<REFSYNOPSISDIVINFO> -<DATE>1998-09-24</DATE> -</REFSYNOPSISDIVINFO> -<SYNOPSIS> -<REPLACEABLE CLASS="PARAMETER"> -</REPLACEABLE> -REVOKE <REPLACEABLE CLASS="PARAMETER">privilege</REPLACEABLE> [, ...] - ON <REPLACEABLE CLASS="PARAMETER">object</REPLACEABLE> [, ...] - FROM { PUBLIC | GROUP <REPLACEABLE CLASS="PARAMETER">group</REPLACEABLE> | <REPLACEABLE CLASS="PARAMETER">username</REPLACEABLE> } -</SYNOPSIS> +<refentry id="SQL-REVOKE"> + <refmeta> + <refentrytitle> + REVOKE + </refentrytitle> + <refmiscinfo>SQL - Language Statements</refmiscinfo> + </refmeta> + <refnamediv> + <refname> + REVOKE + </refname> + <refpurpose> + Revokes access privilege from a user, a group or all users. + </refpurpose> + </refnamediv> + <refsynopsisdiv> + <refsynopsisdivinfo> + <date>1998-09-24</date> + </refsynopsisdivinfo> + <synopsis> +REVOKE <replaceable class="PARAMETER">privilege</replaceable> [, ...] + ON <replaceable class="PARAMETER">object</replaceable> [, ...] 
+ FROM { PUBLIC | GROUP <replaceable class="PARAMETER">ER">g</replaceable>BLE> | <replaceable class="PARAMETER">username</replaceable> } + </synopsis> - <REFSECT2 ID="R2-SQL-REVOKE-1"> - <REFSECT2INFO> - <DATE>1998-09-24</DATE> - </REFSECT2INFO> - <TITLE> - Inputs - </TITLE> - <PARA> - - <VARIABLELIST> - <VARLISTENTRY> - <TERM> - <REPLACEABLE CLASS="PARAMETER">privilege</REPLACEABLE> - </TERM> - <LISTITEM> - <PARA> - The possible privileges are: - </para> - </listitem> - </varlistentry> + <refsect2 id="R2-SQL-REVOKE-1"> + <refsect2info> + <date>1998-09-24</date> + </refsect2info> + <title> + Inputs + </title> + <para> - <VARLISTENTRY> - <TERM> - SELECT - </TERM> - <LISTITEM> - <PARA> - Privilege to access all of the columns of a specific - table/view. - </PARA> - </LISTITEM> - </VARLISTENTRY> - - <VARLISTENTRY> - <TERM> - INSERT - </TERM> - <LISTITEM> - <PARA> - Privilege to insert data into all columns of a - specific table. - </para> - </listitem> - </varlistentry> - - <VARLISTENTRY> - <TERM> - UPDATE - </TERM> - <LISTITEM> - <PARA> - Privilege to update all columns of a specific - table. - </para> - </listitem> - </varlistentry> - - <VARLISTENTRY> - <TERM> - DELETE - </TERM> - <LISTITEM> - <PARA> - Privilege to delete rows from a specific table. - </para> - </listitem> - </varlistentry> - - <VARLISTENTRY> - <TERM> - RULE - </TERM> - <LISTITEM> - <PARA> - Privilege to define rules on table/view. - (See <command>CREATE RULE</command>). - </para> - </listitem> - </varlistentry> - - <VARLISTENTRY> - <TERM> - ALL - </TERM> - <LISTITEM> - <PARA> - Rescind all privileges. - </para> - </listitem> - </varlistentry> - - <VARLISTENTRY> - <TERM> - <REPLACEABLE CLASS="PARAMETER">object</REPLACEABLE> - </TERM> - <LISTITEM> - <PARA> - The name of an object from which to revoke access. 
- The possible objects are: - <itemizedlist mark="bullet" spacing="compact"> - <listitem> - <para> - table - </para> - </listitem> - - <listitem> - <para> - view - </para> - </listitem> - - <listitem> - <para> - sequence - </para> - </listitem> - - <listitem> - <para> - index - </para> - </listitem> - </itemizedlist> - </para> - </listitem> - </varlistentry> - - <VARLISTENTRY> - <TERM> - <REPLACEABLE CLASS="PARAMETER">group</REPLACEABLE> - </TERM> - <LISTITEM> - <PARA> - The name of a group from whom to revoke privileges. - </PARA> - </LISTITEM> - </VARLISTENTRY> - - <VARLISTENTRY> - <TERM> - <REPLACEABLE CLASS="PARAMETER">username</REPLACEABLE> - </TERM> - <LISTITEM> - <PARA> - The name of a user from whom revoke privileges. Use the PUBLIC keyword - to specify all users. - </PARA> - </LISTITEM> - </VARLISTENTRY> - - <VARLISTENTRY> - <TERM> - PUBLIC - </TERM> - <LISTITEM> - <PARA> - Rescind the specified privilege(s) for all users. - </para> - </LISTITEM> - </VARLISTENTRY> - </VARIABLELIST> - </para> - </REFSECT2> + <variablelist> + <varlistentry> + <term> + <replaceable class="PARAMETER">privilege</replaceable> + </term> + <listitem> + <para> + The possible privileges are: + </para> + </listitem> + </varlistentry> - <REFSECT2 ID="R2-SQL-REVOKE-2"> - <REFSECT2INFO> - <DATE>1998-09-24</DATE> - </REFSECT2INFO> - <TITLE> - Outputs - </TITLE> - <PARA> - - <VARIABLELIST> - <VARLISTENTRY> - <TERM> - CHANGE - </TERM> - <LISTITEM> - <PARA> - Message returned if successfully. - </para> - </listitem> - </varlistentry> - - <VARLISTENTRY> - <TERM> - ERROR - </TERM> - <LISTITEM> - <PARA> - Message returned if object is not available or impossible - to revoke privileges from a group or users. 
- </para> - </listitem> - </varlistentry> - </VARIABLELIST> - </para> - </REFSECT2> - </REFSYNOPSISDIV> - - <REFSECT1 ID="R1-SQL-REVOKE-1"> - <REFSECT1INFO> - <DATE>1998-09-24</DATE> - </REFSECT1INFO> - <TITLE> - Description - </TITLE> - <PARA> - REVOKE allows creator of an object to revoke permissions granted - before, from all users (via PUBLIC) or a certain user or group. - </para> + <varlistentry> + <term> + SELECT + </term> + <listitem> + <para> + Privilege to access all of the columns of a specific + table/view. + </para> + </listitem> + </varlistentry> - <REFSECT2 ID="R2-SQL-REVOKE-3"> - <REFSECT2INFO> - <DATE>1998-09-24</DATE> - </REFSECT2INFO> - <TITLE> - Notes - </TITLE> - <PARA> - Refer to psql \z command for further information about permissions - on existing objects: - - <programlisting> - Database = lusitania - +------------------+---------------------------------------------+ - | Relation | Grant/Revoke Permissions | - +------------------+---------------------------------------------+ - | mytable | {"=rw","miriam=arwR","group todos=rw"} | - +------------------+---------------------------------------------+ - Legend: - uname=arwR -- privileges granted to a user - group gname=arwR -- privileges granted to a GROUP - =arwR -- privileges granted to PUBLIC - - r -- SELECT - w -- UPDATE/DELETE - a -- INSERT - R -- RULE - arwR -- ALL - </programlisting> - </para> - <tip> - <para> - Currently, to create a GROUP you have to insert - data manually into table pg_group as: - <programlisting> - INSERT INTO pg_group VALUES ('todos'); - CREATE USER miriam IN GROUP todos; - </programlisting> - </para> - </tip> + <varlistentry> + <term> + INSERT + </term> + <listitem> + <para> + Privilege to insert data into all columns of a + specific table. + </para> + </listitem> + </varlistentry> - </REFSECT2> - </refsect1> + <varlistentry> + <term> + UPDATE + </term> + <listitem> + <para> + Privilege to update all columns of a specific + table. 
+ </para> + </listitem> + </varlistentry> - <REFSECT1 ID="R1-SQL-REVOKE-2"> - <TITLE> - Usage - </TITLE> - <PARA> - <ProgramListing> - -- revoke insert privilege from all users on table films: - -- - REVOKE INSERT ON films FROM PUBLIC; - - -- revoke all privileges from user manuel on view kinds: - -- - REVOKE ALL ON kinds FROM manuel; - </ProgramListing> - </para> - </REFSECT1> - - <REFSECT1 ID="R1-SQL-REVOKE-3"> - <TITLE> - Compatibility - </TITLE> - - <REFSECT2 ID="R2-SQL-REVOKE-4"> - <REFSECT2INFO> - <DATE>1998-09-01</DATE> - </REFSECT2INFO> - <TITLE> - SQL92 - </TITLE> - <PARA> - The SQL92 syntax for <command>REVOKE</command> - has additional capabilities for rescinding - privileges, including those on individual columns in tables: + <varlistentry> + <term> + DELETE + </term> + <listitem> + <para> + Privilege to delete rows from a specific table. + </para> + </listitem> + </varlistentry> - <variablelist> - <varlistentry> - <term> - <synopsis> - REVOKE { SELECT | DELETE | USAGE | ALL PRIVILEGES } [, ...] - ON <replaceable class="parameter">object</replaceable> - FROM { PUBLIC | <replaceable class="parameter">username</replaceable> [, ...] } { RESTRICT | CASCADE } - REVOKE { INSERT | UPDATE | REFERENCES } [, ...] [ ( <replaceable class="parameter">column</replaceable> [, ...] ) ] - ON <replaceable class="parameter">object</replaceable> - FROM { PUBLIC | <replaceable class="parameter">username</replaceable> [, ...] } { RESTRICT | CASCADE } - </synopsis> - </term> - <listitem> - <para> - Refer to the <command>GRANT</command> command for details on individual fields. - </para> - </listitem> - </varlistentry> - - <varlistentry> - <term> - <synopsis> - REVOKE GRANT OPTION FOR <replaceable class="parameter">privilege</replaceable> [, ...] - ON <replaceable class="parameter">object</replaceable> - FROM { PUBLIC | <replaceable class="parameter">username</replaceable> [, ...] 
} { RESTRICT | CASCADE } - </synopsis> - </term> - <listitem> - <para> - Rescinds authority for a user to grant the specified privilege to others. - Refer to the <command>GRANT</command> command for details on individual fields. - </para> - </listitem> - </varlistentry> - </variablelist> + <varlistentry> + <term> + RULE + </term> + <listitem> + <para> + Privilege to define rules on table/view. + (See <command>CREATE RULE</command>). + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + ALL + </term> + <listitem> + <para> + Rescind all privileges. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <replaceable class="PARAMETER">object</replaceable> + </term> + <listitem> + <para> + The name of an object from which to revoke access. + The possible objects are: + <itemizedlist spacing="compact" mark="bullet"> + <listitem> + <para> + table </para> + </listitem> + + <listitem> <para> - The possible objects are: - <simplelist> - <member> [ TABLE ] table/view - </member> - <member> CHARACTER SET character-set - </member> - <member> COLLATION collation - </member> - <member> TRANSLATION translation - </member> - <member> DOMAIN domain - </member> - </simplelist> + view </para> - <para> - If user1 gives a privilege WITH GRANT OPTION to user2, - and user2 gives it to user3 then user1 can revoke - this privilege in cascade using the CASCADE keyword. + </listitem> + + <listitem> + <para> + sequence </para> + </listitem> + + <listitem> <para> - If user1 gives a privilege WITH GRANT OPTION to user2, - and user2 gives it to user3 then if user1 try revoke - this privilege it fails if he/she specify the RESTRICT - keyword. + index </para> - </refsect2> - </refsect1> -</REFENTRY> + </listitem> + </itemizedlist> + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <replaceable class="PARAMETER">group</replaceable> + </term> + <listitem> + <para> + The name of a group from whom to revoke privileges. 
+ </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <replaceable class="PARAMETER">username</replaceable> + </term> + <listitem> + <para> + The name of a user from whom revoke privileges. Use the PUBLIC keyword + to specify all users. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + PUBLIC + </term> + <listitem> + <para> + Rescind the specified privilege(s) for all users. + </para> + </listitem> + </varlistentry> + </variablelist> + </para> + </refsect2> + + <refsect2 id="R2-SQL-REVOKE-2"> + <refsect2info> + <date>1998-09-24</date> + </refsect2info> + <title> + Outputs + </title> + <para> + + <variablelist> + <varlistentry> + <term> + CHANGE + </term> + <listitem> + <para> + Message returned if successfully. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + ERROR + </term> + <listitem> + <para> + Message returned if object is not available or impossible + to revoke privileges from a group or users. + </para> + </listitem> + </varlistentry> + </variablelist> + </para> + </refsect2> + </refsynopsisdiv> + + <refsect1 id="R1-SQL-REVOKE-1"> + <refsect1info> + <date>1998-09-24</date> + </refsect1info> + <title> + Description + </title> + <para> + REVOKE allows creator of an object to revoke permissions granted + before, from all users (via PUBLIC) or a certain user or group. 
+ </para> + + <refsect2 id="R2-SQL-REVOKE-3"> + <refsect2info> + <date>1998-09-24</date> + </refsect2info> + <title> + Notes + </title> + <para> + Refer to psql \z command for further information about permissions + on existing objects: + + <programlisting> +Database = lusitania ++------------------+---------------------------------------------+ +| Relation | Grant/Revoke Permissions | ++------------------+---------------------------------------------+ +| mytable | {"=rw","miriam=arwR","group todos=rw"} | ++------------------+---------------------------------------------+ +Legend: + uname=arwR -- privileges granted to a user + group gname=arwR -- privileges granted to a GROUP + =arwR -- privileges granted to PUBLIC + + r -- SELECT + w -- UPDATE/DELETE + a -- INSERT + R -- RULE + arwR -- ALL + </programlisting> + </para> + <tip> + <para> + Currently, to create a GROUP you have to insert + data manually into table pg_group as: + <programlisting> +INSERT INTO pg_group VALUES ('todos'); +CREATE USER miriam IN GROUP todos; + </programlisting> + </para> + </tip> + + </refsect2> + </refsect1> + + <refsect1 id="R1-SQL-REVOKE-2"> + <title> + Usage + </title> + <para> + <programlisting> +-- revoke insert privilege from all users on table films: +-- +REVOKE INSERT ON films FROM PUBLIC; + </programlisting> + + <programlisting> +-- revoke all privileges from user manuel on view kinds: +-- +REVOKE ALL ON kinds FROM manuel; + </programlisting> + </para> + </refsect1> + + <refsect1 id="R1-SQL-REVOKE-3"> + <title> + Compatibility + </title> + + <refsect2 id="R2-SQL-REVOKE-4"> + <refsect2info> + <date>1998-09-01</date> + </refsect2info> + <title> + SQL92 + </title> + <para> + The SQL92 syntax for <command>REVOKE</command> + has additional capabilities for rescinding + privileges, including those on individual columns in tables: + + <variablelist> + <varlistentry> + <term> + <synopsis> +REVOKE { SELECT | DELETE | USAGE | ALL PRIVILEGES } [, ...] 
+ ON <replaceable class="parameter">object</replaceable> + FROM { PUBLIC | <replaceable class="parameter">username</replaceable> [, ...] } { RESTRICT | CASCADE } +REVOKE { INSERT | UPDATE | REFERENCES } [, ...] [ ( <replaceable class="parameter">column</replaceable> [, ...] ) ] + ON <replaceable class="parameter">object</replaceable> + FROM { PUBLIC | <replaceable class="parameter">username</replaceable> [, ...] } { RESTRICT | CASCADE } + </synopsis> + </term> + <listitem> + <para> + Refer to <command>GRANT</command> for details on individual fields. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term> + <synopsis> +REVOKE GRANT OPTION FOR <replaceable class="parameter">privilege</replaceable> [, ...] + ON <replaceable class="parameter">object</replaceable> + FROM { PUBLIC | <replaceable class="parameter">username</replaceable> [, ...] } { RESTRICT | CASCADE } + </synopsis> + </term> + <listitem> + <para> + Rescinds authority for a user to grant the specified privilege + to others. + Refer to the <command>GRANT</command> command for details + on individual fields. + </para> + </listitem> + </varlistentry> + </variablelist> + </para> + <para> + The possible objects are: + <simplelist> + <member> + [ TABLE ] table/view + </member> + <member> + CHARACTER SET character-set + </member> + <member> + COLLATION collation + </member> + <member> + TRANSLATION translation + </member> + <member> + DOMAIN domain + </member> + </simplelist> + </para> + + <para> + If user1 gives a privilege WITH GRANT OPTION to user2, + and user2 gives it to user3 then user1 can revoke + this privilege in cascade using the CASCADE keyword. + </para> + <para> + If user1 gives a privilege WITH GRANT OPTION to user2, + and user2 gives it to user3 then if user1 try revoke + this privilege it fails if he/she specify the RESTRICT + keyword. 
+ </para> + </refsect2> + </refsect1> +</refentry> + +<!-- Keep this comment at the end of the file +Local variables: +mode: sgml +sgml-omittag:nil +sgml-shorttag:t +sgml-minimize-attributes:nil +sgml-always-quote-attributes:t +sgml-indent-step:1 +sgml-indent-data:t +sgml-parent-document:nil +sgml-default-dtd-file:"../reference.ced" +sgml-exposed-tags:nil +sgml-local-catalogs:"/usr/lib/sgml/catalog" +sgml-local-ecat-files:nil +End: +--> |
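Review bot: The GROUP parameter in the new synopsis is malformed. The added FROM line reads `GROUP <replaceable class="PARAMETER">ER">g</replaceable>BLE>`, where the removed line had `GROUP <REPLACEABLE CLASS="PARAMETER">group</REPLACEABLE>`, so the placeholder name is lost and stray `ER">` and `BLE>` text lands in the synopsis. Restore it to `<replaceable class="PARAMETER">group</replaceable>`; everything else in this hunk is tag-case and indentation normalization, so this looks like an editing slip rather than an intended change. Separately, the re-indented text carries over the old wording unchanged ("Message returned if successfully.", "from whom revoke privileges", "if user1 try revoke ... if he/she specify"), which could be corrected in the same pass since every one of those lines is already being touched.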