11<!--
2- $Header: /cvsroot/pgsql/doc/src/sgml/ref/grant.sgml,v 1.17 2001/12/08 03:24:37 thomas Exp $
2+ $Header: /cvsroot/pgsql/doc/src/sgml/ref/grant.sgml,v 1.18 2002/01/18 01:04:53 tgl Exp $
33PostgreSQL documentation
44-->
55
@@ -43,14 +43,15 @@ GRANT { { SELECT | INSERT | UPDATE | DELETE | RULE | REFERENCES | TRIGGER } [,..
4343 </para>
4444
4545 <para>
46- Users other than the creator do not have any access privileges
47- toan object unless the creator grants permissions.
46+ Users other than the creatorof an object do not have any access privileges
47+ tothe object unless the creator grants permissions.
4848 There is no need to grant privileges to the creator of an object,
49- as the creator automatically holds all privileges, and can also
50- drop the object. (The creator could, however, choose to revoke
49+ as the creator automatically holds all privileges.
50+ (The creator could, however, choose to revoke
5151 some of his own privileges for safety. Note that the ability to
5252 grant and revoke privileges is inherent in the creator and cannot
53- be lost.)
53+ be lost. The right to drop the object is likewise inherent in the
54+ creator, and cannot be granted or revoked.)
5455 </para>
5556
5657 <para>
@@ -96,7 +97,7 @@ GRANT { { SELECT | INSERT | UPDATE | DELETE | RULE | REFERENCES | TRIGGER } [,..
9697 <term>DELETE</term>
9798 <listitem>
9899 <para>
99- Allowsthe <xref linkend="sql-delete" endterm="sql-delete-title"> of a row from the
100+ Allows <xref linkend="sql-delete" endterm="sql-delete-title"> of a row from the
100101 specified table.
101102 </para>
102103 </listitem>
@@ -107,7 +108,7 @@ GRANT { { SELECT | INSERT | UPDATE | DELETE | RULE | REFERENCES | TRIGGER } [,..
107108 <listitem>
108109 <para>
109110 Allows the creation of a rule on the table/view. (See <xref
110- linkend="sql-createrule" endterm="sql-createrule-title"> statement).
111+ linkend="sql-createrule" endterm="sql-createrule-title"> statement.)
111112 </para>
112113 </listitem>
113114 </varlistentry>
@@ -117,7 +118,7 @@ GRANT { { SELECT | INSERT | UPDATE | DELETE | RULE | REFERENCES | TRIGGER } [,..
117118 <listitem>
118119 <para>
119120 To create a table with a foreign key constraint, it is
120- necessary to have this privilege on the table with theprimary
121+ necessary to have this privilege on the table with thereferenced
121122 key.
122123 </para>
123124 </listitem>
@@ -128,7 +129,7 @@ GRANT { { SELECT | INSERT | UPDATE | DELETE | RULE | REFERENCES | TRIGGER } [,..
128129 <listitem>
129130 <para>
130131 Allows the creation of a trigger on the specified table. (See
131- <xref linkend="sql-createtrigger" endterm="sql-createtrigger-title"> statement).
132+ <xref linkend="sql-createtrigger" endterm="sql-createtrigger-title"> statement.)
132133 </para>
133134 </listitem>
134135 </varlistentry>
@@ -138,7 +139,8 @@ GRANT { { SELECT | INSERT | UPDATE | DELETE | RULE | REFERENCES | TRIGGER } [,..
138139 <listitem>
139140 <para>
140141 Grant all of the above privileges at once. The
141- <literal>PRIVILEGES</literal> key word is optional, but it is
142+ <literal>PRIVILEGES</literal> key word is optional in
143+ <productname>PostgreSQL</productname>, though it is
142144 required by strict SQL.
143145 </para>
144146 </listitem>
@@ -154,6 +156,14 @@ GRANT { { SELECT | INSERT | UPDATE | DELETE | RULE | REFERENCES | TRIGGER } [,..
154156 <refsect1 id="SQL-GRANT-notes">
155157 <title>Notes</title>
156158
159+ <para>
160+ It should be noted that database <firstterm>superusers</> can access
161+ all objects regardless of object privilege settings. This
162+ is comparable to the rights of <literal>root</> in a Unix system.
163+ As with <literal>root</>, it's unwise to operate as a superuser
164+ except when absolutely necessary.
165+ </para>
166+
157167 <para>
158168 Currently, to grant privileges in <productname>PostgreSQL</productname>
159169 to only a few columns, you must