Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Commitec62ba9

Browse files
committed
Try to be a little bit clearer about the implications of GRANT TO PUBLIC
and REVOKE FROM PUBLIC: the latter is not the same as 'revoke from allusers', but the ref page blurred the difference.
1 parent6f65678 commitec62ba9

File tree

2 files changed

+34
-12
lines changed

2 files changed

+34
-12
lines changed

‎doc/src/sgml/ref/grant.sgml‎

Lines changed: 18 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,5 @@
11
<!--
2-
$Header: /cvsroot/pgsql/doc/src/sgml/ref/grant.sgml,v 1.15 2001/11/18 20:35:02 petere Exp $
2+
$Header: /cvsroot/pgsql/doc/src/sgml/ref/grant.sgml,v 1.16 2001/11/19 19:03:56 tgl Exp $
33
Postgres documentation
44
-->
55

@@ -27,18 +27,30 @@ GRANT { { SELECT | INSERT | UPDATE | DELETE | RULE | REFERENCES | TRIGGER } [,..
2727

2828
<para>
2929
The <command>GRANT</command> command gives specific permissions on
30-
an object (table, view, sequence) to a user or a group of users.
31-
The special key word <literal>PUBLIC</literal> indicates that the
30+
an object (table, view, sequence) to one or more users or groups of users.
31+
These permissions are added to those already granted, if any.
32+
</para>
33+
34+
<para>
35+
The key word <literal>PUBLIC</literal> indicates that the
3236
privileges are to be granted to all users, including those that may
33-
be created later.
37+
be created later. <literal>PUBLIC</literal> may be thought of as an
38+
implicitly defined group that always includes all users.
39+
Note that any particular user will have the sum
40+
of privileges granted directly to him, privileges granted to any group he
41+
is presently a member of, and privileges granted to
42+
<literal>PUBLIC</literal>.
3443
</para>
3544

3645
<para>
3746
Users other than the creator do not have any access privileges
38-
unless the creator grants permissions, after the object is created.
47+
to an objectunless the creator grants permissions.
3948
There is no need to grant privileges to the creator of an object,
4049
as the creator automatically holds all privileges, and can also
41-
drop the object.
50+
drop the object. (The creator could, however, choose to revoke
51+
some of his own privileges for safety. Note that the ability to
52+
grant and revoke privileges is inherent in the creator and cannot
53+
be lost.)
4254
</para>
4355

4456
<para>

‎doc/src/sgml/ref/revoke.sgml‎

Lines changed: 16 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,5 @@
11
<!--
2-
$Header: /cvsroot/pgsql/doc/src/sgml/ref/revoke.sgml,v 1.17 2001/11/18 20:35:02 petere Exp $
2+
$Header: /cvsroot/pgsql/doc/src/sgml/ref/revoke.sgml,v 1.18 2001/11/19 19:03:56 tgl Exp $
33
Postgres documentation
44
-->
55

@@ -27,9 +27,19 @@ REVOKE { { SELECT | INSERT | UPDATE | DELETE | RULE | REFERENCES | TRIGGER } [,.
2727

2828
<para>
2929
<command>REVOKE</command> allows the creator of an object to revoke
30-
permissions granted before, from a users or a group of users. The
31-
key word <literal>PUBLIC</literal> means to revoke this privilege
32-
from all users.
30+
previously granted permissions from one or more users or groups of users.
31+
The key word <literal>PUBLIC</literal> refers to the implicitly defined
32+
group of all users.
33+
</para>
34+
35+
<para>
36+
Note that any particular user will have the sum
37+
of privileges granted directly to him, privileges granted to any group he
38+
is presently a member of, and privileges granted to
39+
<literal>PUBLIC</literal>. Thus, for example, revoking SELECT privilege
40+
from <literal>PUBLIC</literal> does not necessarily mean that all users
41+
have lost SELECT privilege on the object: those who have it granted
42+
directly or via a group will still have it.
3343
</para>
3444

3545
<para>
@@ -52,7 +62,7 @@ REVOKE { { SELECT | INSERT | UPDATE | DELETE | RULE | REFERENCES | TRIGGER } [,.
5262
<title>Examples</title>
5363

5464
<para>
55-
Revoke insert privilegefrom all users on table
65+
Revoke insert privilegefor the public on table
5666
<literal>films</literal>:
5767

5868
<programlisting>
@@ -93,7 +103,7 @@ REVOKE [ GRANT OPTION FOR ] { SELECT | INSERT | UPDATE | DELETE | REFERENCES }
93103
this privilege in cascade using the CASCADE keyword.
94104
If user1 gives a privilege WITH GRANT OPTION to user2,
95105
and user2 gives it to user3, then if user1 tries to revoke
96-
this privilege it fails if hespecify the RESTRICT
106+
this privilege it fails if hespecifies the RESTRICT
97107
keyword.
98108
</para>
99109
</refsect2>

0 commit comments

Comments
 (0)
[8]ページ先頭
©2009-2025 Movatter.jp