Sophie

Sophie

distrib > Mandriva > 2008.1 > x86_64 > media > main-testing > by-pkgid > bab02a23fa9f3df8d66a9a3231b50245 > files > 442

postgresql8.3-docs-8.3.6-2mdv2008.1.x86_64.rpm

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<HTML
><HEAD
><TITLE
>Privileges</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.79"><LINK
REV="MADE"
HREF="mailto:pgsql-docs@postgresql.org"><LINK
REL="HOME"
TITLE="PostgreSQL 8.3.6 Documentation"
HREF="index.html"><LINK
REL="UP"
TITLE="Database Roles and Privileges"
HREF="user-manag.html"><LINK
REL="PREVIOUS"
TITLE="Role Attributes"
HREF="role-attributes.html"><LINK
REL="NEXT"
TITLE="Role Membership"
HREF="role-membership.html"><LINK
REL="STYLESHEET"
TYPE="text/css"
HREF="stylesheet.css"><META
HTTP-EQUIV="Content-Type"
CONTENT="text/html; charset=ISO-8859-1"><META
NAME="creation"
CONTENT="2009-02-03T04:34:16"></HEAD
><BODY
CLASS="SECT1"
><DIV
CLASS="NAVHEADER"
><TABLE
SUMMARY="Header navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TH
COLSPAN="5"
ALIGN="center"
VALIGN="bottom"
>PostgreSQL 8.3.6 Documentation</TH
></TR
><TR
><TD
WIDTH="10%"
ALIGN="left"
VALIGN="top"
><A
HREF="role-attributes.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
WIDTH="10%"
ALIGN="left"
VALIGN="top"
><A
HREF="user-manag.html"
>Fast Backward</A
></TD
><TD
WIDTH="60%"
ALIGN="center"
VALIGN="bottom"
>Chapter 19. Database Roles and Privileges</TD
><TD
WIDTH="10%"
ALIGN="right"
VALIGN="top"
><A
HREF="user-manag.html"
>Fast Forward</A
></TD
><TD
WIDTH="10%"
ALIGN="right"
VALIGN="top"
><A
HREF="role-membership.html"
ACCESSKEY="N"
>Next</A
></TD
></TR
></TABLE
><HR
ALIGN="LEFT"
WIDTH="100%"></DIV
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="PRIVILEGES"
>19.3. Privileges</A
></H1
><A
NAME="AEN25914"
></A
><A
NAME="AEN25916"
></A
><A
NAME="AEN25918"
></A
><A
NAME="AEN25920"
></A
><P
>   When an object is created, it is assigned an owner. The
   owner is normally the role that executed the creation statement.
   For most kinds of objects, the initial state is that only the owner
   (or a superuser) can do anything with the object. To allow
   other roles to use it, <I
CLASS="FIRSTTERM"
>privileges</I
> must be
   granted.
   There are several different kinds of privilege: <TT
CLASS="LITERAL"
>SELECT</TT
>,
   <TT
CLASS="LITERAL"
>INSERT</TT
>, <TT
CLASS="LITERAL"
>UPDATE</TT
>, <TT
CLASS="LITERAL"
>DELETE</TT
>,
   <TT
CLASS="LITERAL"
>REFERENCES</TT
>, <TT
CLASS="LITERAL"
>TRIGGER</TT
>,
   <TT
CLASS="LITERAL"
>CREATE</TT
>, <TT
CLASS="LITERAL"
>CONNECT</TT
>, <TT
CLASS="LITERAL"
>TEMPORARY</TT
>,
   <TT
CLASS="LITERAL"
>EXECUTE</TT
>, and <TT
CLASS="LITERAL"
>USAGE</TT
>.
   For more information on the different types of privileges supported by
   <SPAN
CLASS="PRODUCTNAME"
>PostgreSQL</SPAN
>, see the
   <A
HREF="sql-grant.html"
><I
>GRANT</I
></A
> reference page.
  </P
><P
>   To assign privileges, the <TT
CLASS="COMMAND"
>GRANT</TT
> command is
   used. So, if <TT
CLASS="LITERAL"
>joe</TT
> is an existing role, and
   <TT
CLASS="LITERAL"
>accounts</TT
> is an existing table, the privilege to
   update the table can be granted with:
</P><PRE
CLASS="PROGRAMLISTING"
>GRANT UPDATE ON accounts TO joe;</PRE
><P>
   The special name <TT
CLASS="LITERAL"
>PUBLIC</TT
> can
   be used to grant a privilege to every role on the system. Writing
   <TT
CLASS="LITERAL"
>ALL</TT
> in place of a specific privilege specifies that all
   privileges that apply to the object will be granted.
  </P
><P
>   To revoke a privilege, use the fittingly named
   <A
HREF="sql-revoke.html"
><I
>REVOKE</I
></A
> command:
</P><PRE
CLASS="PROGRAMLISTING"
>REVOKE ALL ON accounts FROM PUBLIC;</PRE
><P>
  </P
><P
>   The special privileges of an object's owner (i.e., the right to modify
   or destroy the object) are always implicit in being the owner,
   and cannot be granted or revoked.  But the owner can choose
   to revoke his own ordinary privileges, for example to make a
   table read-only for himself as well as others.
  </P
><P
>   An object can be assigned to a new owner with an <TT
CLASS="COMMAND"
>ALTER</TT
>
   command of the appropriate kind for the object.  Superusers can always do
   this; ordinary roles can only do it if they are both the current owner
   of the object (or a member of the owning role) and a member of the new
   owning role.
  </P
></DIV
><DIV
CLASS="NAVFOOTER"
><HR
ALIGN="LEFT"
WIDTH="100%"><TABLE
SUMMARY="Footer navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
><A
HREF="role-attributes.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="index.html"
ACCESSKEY="H"
>Home</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
><A
HREF="role-membership.html"
ACCESSKEY="N"
>Next</A
></TD
></TR
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
>Role Attributes</TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="user-manag.html"
ACCESSKEY="U"
>Up</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
>Role Membership</TD
></TR
></TABLE
></DIV
></BODY
></HTML
>

Perl :: Catalyst :: PostgreSQL :: RPM Valid HTML 4.01 Transitional