Commit d845fd6

sepgsql: Reword and fix typo in docs on DML permissions.
Per report from Christoph Berg.
1 parent 388c2f9 commit d845fd6

1 file changed

+18
-25
lines changed

‎doc/src/sgml/sepgsql.sgml

Lines changed: 18 additions & 25 deletions
@@ -345,42 +345,35 @@ $ sudo semodule -r sepgsql-regtest
345345

346346
<para>
347347
For tables, <literal>db_table:select</>, <literal>db_table:insert</>,
348-
<literal>db_table:update</> or <literal>db_table:delete</>is
348+
<literal>db_table:update</> or <literal>db_table:delete</>are
349349
checked for all the referenced target tables depending on the kind of
350-
statement;
351-
in addition, <literal>db_table:select</> is also checked for
352-
all the tables that contain the columns referenced in the
350+
statement; in addition, <literal>db_table:select</> is also checked for
351+
all the tables that contain columns referenced in the
353352
<literal>WHERE</> or <literal>RETURNING</> clause, as a data source
354-
of <literal>UPDATE</>, and so on. For example, consider:
355-
356-
<synopsis>
357-
UPDATE t1 SET x = 2, y = md5sum(y) WHERE z = 100;
358-
</synopsis>
359-
360-
In this case we must have <literal>db_table:select</> in addition to
361-
<literal>db_table:update</>, because <literal>t1.a</> is referenced
362-
within the <literal>WHERE</> clause. Column-level permissions will also be
363-
checked for each referenced column.
353+
for <literal>UPDATE</>, and so on.
364354
</para>
365355

366356
<para>
367-
For columns, <literal>db_column:select</> ischeckedon
368-
not only the columns being read using<literal>SELECT</>, but those being
369-
referenced in other DML statements.
370-
Of course, it also checks<literal>db_column:update</> or
371-
<literal>db_column:insert</> oncolumns being modified by
372-
<literal>UPDATE</> or <literal>INSERT</>.
357+
Column-level permissions will also becheckedfor each referenced column.
358+
<literal>db_column:select</> is checked on not only the columns being
359+
read using <literal>SELECT</>, but those beingreferenced in other DML
360+
statements;<literal>db_column:update</> or <literal>db_column:insert</>
361+
will also be checked forcolumns being modified by <literal>UPDATE</> or
362+
<literal>INSERT</>.
373363
</para>
374364

375365
<para>
366+
For example, consider:
376367
<synopsis>
377368
UPDATE t1 SET x = 2, y = md5sum(y) WHERE z = 100;
378369
</synopsis>
379-
In this case, it checks <literal>db_column:update</> on the column
380-
<literal>t1.x</> being updated, <literal>db_column:{select update}</>
381-
on the column <literal>t1.y</> being updated and referenced, and
382-
<literal>db_column:select</> on the column <literal>t1.z</>, since that is
383-
only referenced in the <literal>WHERE</> clause.
370+
371+
Here, <literal>db_column:update</> will be checked for
372+
<literal>t1.x</>, since it is being updated,
373+
<literal>db_column:{select update}</> will be checked for
374+
<literal>t1.y</>, since it is both updated and referenced, and
375+
<literal>db_column:select</> will be checked for <literal>t1.z</>, since
376+
it is only referenced.
384377
<literal>db_table:{select update}</> will also be checked
385378
at the table level.
386379
</para>
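
Review bot: In the reworded example explanation (new lines 371-376), the reasons given for each check drop the clause names that the removed text had: "since it is both updated and referenced" for t1.y and "since it is only referenced" for t1.z no longer say where the reference occurs. Someone writing policy from this page needs to map a clause to a permission, so I would keep that link, for example "since it is read in the SET expression" for t1.y and "since it is only referenced in the WHERE clause" for t1.z, which also matches the first paragraph's wording about WHERE, RETURNING and data sources for UPDATE. Two smaller points on the same hunk: the second paragraph mixes "is checked on" (new line 358) with "will also be checked for" (new line 361), and one tense and preposition throughout would read better; and the unchanged example line still calls md5sum(y), which is not a built-in PostgreSQL function (the built-in is md5), so the statement cannot be run as written unless the reader defines that function.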
