Commit b0bcf8a

committed
Restructure AclItem representation so that we can have more than eight
different privilege bits (might as well make use of the space we were wasting on padding). EXECUTE and USAGE bits for procedures, languages now are separate privileges instead of being overlaid on SELECT. Add privileges for namespaces and databases. The GRANT and REVOKE commands work for these object types, but we don't actually enforce the privileges yet...
1 parent ad201b8 commit b0bcf8a

20 files changed

+832
-510
lines changed


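--- a/doc/src/sgml/catalogs.sgml
+++ b/doc/src/sgml/catalogs.sgml
@@ -1,6 +1,6 @@
 <!--
 Documentation of the system catalogs, directed toward PostgreSQL developers
-$Header: /cvsroot/pgsql/doc/src/sgml/catalogs.sgml,v 2.42 2002/04/16 23:08:09 tgl Exp $
+$Header: /cvsroot/pgsql/doc/src/sgml/catalogs.sgml,v 2.43 2002/04/21 00:26:42 tgl Exp $
 -->
 
 <chapter id="catalogs">
@@ -825,7 +825,7 @@
 <entry>
 If true then this database can be used in the
 <quote>TEMPLATE</quote> clause of <command>CREATE
-DATABASE</command> to create the new database as a clone of
+DATABASE</command> to create a new database as a clone of
 this one.
 </entry>
 </row>
@@ -890,6 +890,13 @@
 <entry></entry>
 <entry>Session defaults for run-time configuration variables</entry>
 </row>
+
+<row>
+<entry>datacl</entry>
+<entry><type>aclitem[]</type></entry>
+<entry></entry>
+<entry>Access permissions</entry>
+</row>
 </tbody>
 </tgroup>
 </table>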

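--- a/doc/src/sgml/ref/grant.sgml
+++ b/doc/src/sgml/ref/grant.sgml
@@ -1,5 +1,5 @@
 <!--
-$Header: /cvsroot/pgsql/doc/src/sgml/ref/grant.sgml,v 1.21 2002/02/21 22:39:36 momjian Exp $
+$Header: /cvsroot/pgsql/doc/src/sgml/ref/grant.sgml,v 1.22 2002/04/21 00:26:42 tgl Exp $
 PostgreSQL documentation
 -->
 
@@ -18,7 +18,11 @@ PostgreSQL documentation
 <synopsis>
 GRANT { { SELECT | INSERT | UPDATE | DELETE | RULE | REFERENCES | TRIGGER }
 [,...] | ALL [ PRIVILEGES ] }
-ON [ TABLE ] <replaceable class="PARAMETER">objectname</replaceable> [, ...]
+ON [ TABLE ] <replaceable class="PARAMETER">tablename</replaceable> [, ...]
+TO { <replaceable class="PARAMETER">username</replaceable> | GROUP <replaceable class="PARAMETER">groupname</replaceable> | PUBLIC } [, ...]
+
+GRANT { { CREATE | TEMPORARY | TEMP } [,...] | ALL [ PRIVILEGES ] }
+ON DATABASE <replaceable>dbname</replaceable> [, ...]
 TO { <replaceable class="PARAMETER">username</replaceable> | GROUP <replaceable class="PARAMETER">groupname</replaceable> | PUBLIC } [, ...]
 
 GRANT { EXECUTE | ALL [ PRIVILEGES ] }
@@ -28,6 +32,10 @@ GRANT { EXECUTE | ALL [ PRIVILEGES ] }
 GRANT { USAGE | ALL [ PRIVILEGES ] }
 ON LANGUAGE <replaceable>langname</replaceable> [, ...]
 TO { <replaceable class="PARAMETER">username</replaceable> | GROUP <replaceable class="PARAMETER">groupname</replaceable> | PUBLIC } [, ...]
+
+GRANT { { CREATE | USAGE } [,...] | ALL [ PRIVILEGES ] }
+ON SCHEMA <replaceable>schemaname</replaceable> [, ...]
+TO { <replaceable class="PARAMETER">username</replaceable> | GROUP <replaceable class="PARAMETER">groupname</replaceable> | PUBLIC } [, ...]
 </synopsis>
 </refsynopsisdiv>
 
@@ -36,7 +44,8 @@ GRANT { USAGE | ALL [ PRIVILEGES ] }
 
 <para>
 The <command>GRANT</command> command gives specific permissions on
-an object (table, view, sequence, function, procedural language) to
+an object (table, view, sequence, database, function, procedural language,
+or schema) to
 one or more users or groups of users. These permissions are added
 to those already granted, if any.
 </para>
@@ -144,6 +153,29 @@ GRANT { USAGE | ALL [ PRIVILEGES ] }
 </listitem>
 </varlistentry>
 
+<varlistentry>
+<term>CREATE</term>
+<listitem>
+<para>
+For databases, allows new schemas to be created in the database.
+</para>
+<para>
+For schemas, allows new objects to be created within the specified
+schema.
+</para>
+</listitem>
+</varlistentry>
+
+<varlistentry>
+<term>TEMPORARY</term>
+<term>TEMP</term>
+<listitem>
+<para>
+Allows temporary tables to be created while using the database.
+</para>
+</listitem>
+</varlistentry>
+
 <varlistentry>
 <term>EXECUTE</term>
 <listitem>
@@ -159,10 +191,16 @@ GRANT { USAGE | ALL [ PRIVILEGES ] }
 <term>USAGE</term>
 <listitem>
 <para>
-Allows the use of the specified procedural language for the
-creation of functions in that language. This is the only type
+For procedural languages, allows the use of the specified language for
+the creation of functions in that language. This is the only type
 of privilege that is applicable to procedural languages.
 </para>
+<para>
+For schemas, allows the use of objects contained in the specified
+schema (assuming that the objects' own privilege requirements are
+met). Essentially this allows the grantee to <quote>look up</>
+objects within the schema.
+</para>
 </listitem>
 </varlistentry>
 
@@ -226,7 +264,11 @@ GRANT { USAGE | ALL [ PRIVILEGES ] }
 R -- RULE
 x -- REFERENCES
 t -- TRIGGER
-arwdRxt -- ALL PRIVILEGES
+X -- EXECUTE
+U -- USAGE
+C -- CREATE
+T -- TEMPORARY
+arwdRxt -- ALL PRIVILEGES (for tables)
 </programlisting>
 </para>
 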
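Review bot: The new `CREATE`, `TEMPORARY`/`TEMP` and schema `USAGE` entries each say the privilege "allows" an action, but the commit description says GRANT and REVOKE only record the schema and database privileges and nothing enforces them yet. An administrator who revokes `CREATE` on a schema or database on the strength of this page would assume a restriction is in force when, as I read the description, it is not. Until enforcement is committed, each of the new `<para>` elements should end with a caveat such as `(This privilege is recorded but not yet checked.)`, and the new DATABASE and SCHEMA synopsis forms in revoke.sgml need the same note. The privilege-letter listing also leaves `ALL PRIVILEGES` undefined for every object type other than tables.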

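--- a/doc/src/sgml/ref/revoke.sgml
+++ b/doc/src/sgml/ref/revoke.sgml
@@ -1,5 +1,5 @@
 <!--
-$Header: /cvsroot/pgsql/doc/src/sgml/ref/revoke.sgml,v 1.21 2002/02/21 22:39:36 momjian Exp $
+$Header: /cvsroot/pgsql/doc/src/sgml/ref/revoke.sgml,v 1.22 2002/04/21 00:26:42 tgl Exp $
 PostgreSQL documentation
 -->
 
@@ -18,7 +18,11 @@ PostgreSQL documentation
 <synopsis>
 REVOKE { { SELECT | INSERT | UPDATE | DELETE | RULE | REFERENCES | TRIGGER }
 [,...] | ALL [ PRIVILEGES ] }
-ON [ TABLE ] <replaceable class="PARAMETER">object</replaceable> [, ...]
+ON [ TABLE ] <replaceable class="PARAMETER">tablename</replaceable> [, ...]
+FROM { <replaceable class="PARAMETER">username</replaceable> | GROUP <replaceable class="PARAMETER">groupname</replaceable> | PUBLIC } [, ...]
+
+REVOKE { { CREATE | TEMPORARY | TEMP } [,...] | ALL [ PRIVILEGES ] }
+ON DATABASE <replaceable>dbname</replaceable> [, ...]
 FROM { <replaceable class="PARAMETER">username</replaceable> | GROUP <replaceable class="PARAMETER">groupname</replaceable> | PUBLIC } [, ...]
 
 REVOKE { EXECUTE | ALL [ PRIVILEGES ] }
@@ -28,6 +32,10 @@ REVOKE { EXECUTE | ALL [ PRIVILEGES ] }
 REVOKE { USAGE | ALL [ PRIVILEGES ] }
 ON LANGUAGE <replaceable>langname</replaceable> [, ...]
 FROM { <replaceable class="PARAMETER">username</replaceable> | GROUP <replaceable class="PARAMETER">groupname</replaceable> | PUBLIC } [, ...]
+
+REVOKE { { CREATE | USAGE } [,...] | ALL [ PRIVILEGES ] }
+ON SCHEMA <replaceable>schemaname</replaceable> [, ...]
+FROM { <replaceable class="PARAMETER">username</replaceable> | GROUP <replaceable class="PARAMETER">groupname</replaceable> | PUBLIC } [, ...]
 </synopsis>
 </refsynopsisdiv>
 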
