From 4355d4fb215f0f795241871b30eb3b7e949387cd Mon Sep 17 00:00:00 2001 From: Peter Eisentraut Date: Sun, 29 Jun 2003 15:14:41 +0000 Subject: Information schema views for group privileges, some corrections on column privileges. --- doc/src/sgml/information_schema.sgml | 553 +++++++++++++++++++++++++++++++++-- 1 file changed, 536 insertions(+), 17 deletions(-) (limited to 'doc/src') diff --git a/doc/src/sgml/information_schema.sgml b/doc/src/sgml/information_schema.sgml index 3936cdec490..fb04ea8825f 100644 --- a/doc/src/sgml/information_schema.sgml +++ b/doc/src/sgml/information_schema.sgml @@ -1,4 +1,4 @@ - + The Information Schema @@ -142,6 +142,52 @@ + + <literal>applicable_roles</literal> + + + The view applicable_roles identifies all groups + that the current user is a member of. (A role is the same thing as + a group.) Generally, it is better to use the view + enabled_roles instead of this one; see also + there. + + + + <literal>applicable_roles</literal> Columns + + + + + Name + Data Type + Description + + + + + + grantee + sql_identifier + Always the name of the current user + + + + role_name + sql_identifier + Name of a group + + + + is_grantable + character_data + Applies to a feature not available in PostgreSQL + + + +
+ + <literal>check_constraints</literal> @@ -268,7 +314,8 @@ The view column_privileges identifies all privileges granted on columns to the current user or by the current user. There is one row for each combination of column, grantor, - and grantee. + and grantee. Privileges granted to groups are identified in the + view role_column_grants. @@ -276,9 +323,13 @@ individual columns. Therefore, this view contains the same information as table_privileges, just represented through one row for each column in each appropriate - table. But if you want to make your applications fit for possible - future developements, it is generally the right choice to use this - view instead of table_privileges. + table, but it only convers privilege types where column granularity + is possible: SELECT, INSERT, + UPDATE, REFERENCES. If you + want to make your applications fit for possible future + developements, it is generally the right choice to use this view + instead of table_privileges if one of those + privilege types is concerned. @@ -303,7 +354,7 @@ grantee sql_identifier - Name of the user that the privilege was granted to + Name of the user or group that the privilege was granted to @@ -335,9 +386,8 @@ character_data Type of the privilege: SELECT, - DELETE, INSERT, - UPDATE, REFERENCES, or - TRIGGER + INSERT, UPDATE, or + REFERENCES @@ -349,6 +399,14 @@
+ + + Note that the column grantee makes no + distinction between users and groups. If you have users and groups + with the same name, there is unfortunately no way to distinguish + them. A future version of PostgreSQL will possibly prohibit having + users and groups with the same name. + @@ -1627,6 +1685,42 @@ ORDER BY c.ordinal_position; + + <literal>enabled_roles</literal> + + + The view enabled_roles identifies all groups + that the current user is a member of. (A role is the same thing as + a group.) The difference between this view and + applicable_roles is that in the future there may + be a mechanism to enable and disable groups during a session. In + that case this view identifies those groups that are currently + enabled. + + + + <literal>enabled_roles</literal> Columns + + + + + Name + Data Type + Description + + + + + + role_name + sql_identifier + Name of a group + + + +
+ + <literal>key_column_usage</literal> @@ -2066,6 +2160,334 @@ ORDER BY c.ordinal_position; + + <literal>role_columns_grants</literal> + + + The view role_column_grants identifies all + privileges granted on columns to a group that the current user is a + member of. Further information can be found under + column_privileges. + + + + <literal>role_column_grants</literal> Columns + + + + + Name + Data Type + Description + + + + + + grantor + sql_identifier + Name of the user that granted the privilege + + + + grantee + sql_identifier + Name of the group that the privilege was granted to + + + + table_catalog + sql_identifier + Name of the database that contains the table that contains the column (always the current database) + + + + table_schema + sql_identifier + Name of the schema that contains the table that contains the column + + + + table_name + sql_identifier + Name of the table that contains the column + + + + column_name + sql_identifier + Name of the column + + + + privilege_type + character_data + + Type of the privilege: SELECT, + INSERT, UPDATE, or + REFERENCES + + + + + is_grantable + character_data + YES if the privilege is grantable, NO if not + + + +
+ + + + <literal>role_routine_grants</literal> + + + The view role_routine_grants identifies all + privileges granted on functions to a group that the current user is + a member of. Further information can be found under + routine_privileges. + + + + <literal>role_routine_grants</literal> Columns + + + + + Name + Data Type + Description + + + + + + grantor + sql_identifier + Name of the user that granted the privilege + + + + grantee + sql_identifier + Name of the group that the privilege was granted to + + + + specific_catalog + sql_identifier + Name of the database containing the function (always the current database) + + + + specific_schema + sql_identifier + Name of the schema containing the function + + + + specific_name + sql_identifier + + The specific name of the function. See for more information. + + + + + routine_catalog + sql_identifier + Name of the database containing the function (always the current database) + + + + routine_schema + sql_identifier + Name of the schema containing the function + + + + routine_name + sql_identifier + Name of the function (may be duplicated in case of overloading) + + + + privilege_type + character_data + Always EXECUTE (the only privilege type for functions) + + + + is_grantable + character_data + YES if the privilege is grantable, NO if not + + + +
+ + + + <literal>role_table_grants</literal> + + + The view role_table_grants identifies all + privileges granted on tables or views to a group that the current + user is a member of. Further information can be found under + table_privileges. + + + + <literal>role_table_grants</literal> Columns + + + + + Name + Data Type + Description + + + + + + grantor + sql_identifier + Name of the user that granted the privilege + + + + grantee + sql_identifier + Name of the group that the privilege was granted to + + + + table_catalog + sql_identifier + Name of the database that contains the table (always the current database) + + + + table_schema + sql_identifier + Name of the schema that contains the table + + + + table_name + sql_identifier + Name of the table + + + + privilege_type + character_data + + Type of the privilege: SELECT, + DELETE, INSERT, + UPDATE, REFERENCES, + RULE, or TRIGGER + + + + + is_grantable + character_data + YES if the privilege is grantable, NO if not + + + + with_hierarchy + character_data + Applies to a feature not available in PostgreSQL + + + +
+ + + + <literal>role_usage_grants</literal> + + + The view role_usage_grants is meant to identify + USAGE privileges granted on various kinds of + objects to a group that the current user is a member of. In + PostgreSQL, this currently only applies to domains, and since + domains do not have real privileges in PostgreSQL, this view is + empty. Futher information can be found under + usage_privileges. In the future, this view may + contain more useful information. + + + + <literal>role_usage_grants</literal> Columns + + + + + Name + Data Type + Description + + + + + + grantor + sql_identifier + In the future, the name of the user that granted the privilege + + + + grantee + sql_identifier + In the future, the name of the group that the privilege was granted to + + + + object_catalog + sql_identifier + Name of the database containing the object (always the current database) + + + + object_schema + sql_identifier + Name of the schema containing the object + + + + object_name + sql_identifier + Name of the object + + + + object_type + character_data + In the future, the type of the object + + + + privilege_type + character_data + Always USAGE + + + + is_grantable + character_data + YES if the privilege is grantable, NO if not + + + +
+ + <literal>routine_privileges</literal> @@ -2073,7 +2495,8 @@ ORDER BY c.ordinal_position; The view routine_privileges identifies all privileges granted on functions to the current user or by the current user. There is one row for each combination of function, - grantor, and grantee. + grantor, and grantee. Privileges granted to groups are identified + in the view role_routine_grants. @@ -2098,7 +2521,7 @@ ORDER BY c.ordinal_position; grantee sql_identifier - Name of the user that the privilege was granted to + Name of the user or group that the privilege was granted to @@ -2154,6 +2577,14 @@ ORDER BY c.ordinal_position;
+ + + Note that the column grantee makes no + distinction between users and groups. If you have users and groups + with the same name, there is unfortunately no way to distinguish + them. A future version of PostgreSQL will possibly prohibit having + users and groups with the same name. + @@ -3147,9 +3578,10 @@ ORDER BY c.ordinal_position; The view table_privileges identifies all - privileges granted on tables to the current user or by the current - user. There is one row for each combination of table, grantor, and - grantee. + privileges granted on tables or views to the current user or by the + current user. There is one row for each combination of table, + grantor, and grantee. Privileges granted to groups are identified + in the view role_table_grants. @@ -3174,7 +3606,7 @@ ORDER BY c.ordinal_position; grantee sql_identifier - Name of the user that the privilege was granted to + Name of the user or group that the privilege was granted to @@ -3201,8 +3633,8 @@ ORDER BY c.ordinal_position; Type of the privilege: SELECT, DELETE, INSERT, - UPDATE, REFERENCES, or - TRIGGER + UPDATE, REFERENCES, + RULE, or TRIGGER @@ -3220,6 +3652,14 @@ ORDER BY c.ordinal_position;
+ + + Note that the column grantee makes no + distinction between users and groups. If you have users and groups + with the same name, there is unfortunately no way to distinguish + them. A future version of PostgreSQL will possibly prohibit having + users and groups with the same name. + @@ -3459,6 +3899,85 @@ ORDER BY c.ordinal_position; + + <literal>usage_privileges</literal> + + + The view usage_privileges is meant to identify + USAGE privileges granted on various kinds of + objects to the current user or by the current user. In PostgreSQL, + this currently only applies to domains, and since domains do not + have real privileges in PostgreSQL, this view shows implicit + USAGE privileges granted to + PUBLIC for all domains. In the future, this + view may contain more useful information. + + + + <literal>usage_privileges</literal> Columns + + + + + Name + Data Type + Description + + + + + + grantor + sql_identifier + Currently set to the name of the owner of the object + + + + grantee + sql_identifier + Currently always PUBLIC + + + + object_catalog + sql_identifier + Name of the database containing the object (always the current database) + + + + object_schema + sql_identifier + Name of the schema containing the object + + + + object_name + sql_identifier + Name of the object + + + + object_type + character_data + Currently always DOMAIN + + + + privilege_type + character_data + Always USAGE + + + + is_grantable + character_data + Currently always NO + + + +
+ + <literal>view_column_usage</literal> -- cgit v1.2.3