Commit 48d25bac
Authored Feb 20, 2011 by Bruce Momjian
Merge two documentation permission chapters into a single chapter.
Parent: 087bd179
Showing 2 changed files with 38 additions and 94 deletions (+38 -94)
doc/src/sgml/ddl.sgml +34 -14
doc/src/sgml/user-manag.sgml +4 -80
doc/src/sgml/ddl.sgml
...
...
@@ -1400,13 +1400,33 @@ ALTER TABLE products RENAME TO items;
<see>privilege</see>
</indexterm>
<indexterm zone="ddl-priv">
<primary>owner</primary>
</indexterm>
<indexterm zone="ddl-priv">
<primary>GRANT</primary>
</indexterm>
<indexterm zone="ddl-priv">
<primary>REVOKE</primary>
</indexterm>
<para>
When you create a database object, you become its owner. By
default, only the owner of an object can do anything with the
object. In order to allow other users to use it,
<firstterm>privileges</firstterm> must be granted. (However,
users that have the superuser attribute can always
access any object.)
When an object is created, it is assigned an owner. The
owner is normally the role that executed the creation statement.
For most kinds of objects, the initial state is that only the owner
(or a superuser) can do anything with the object. To allow
other roles to use it, <firstterm>privileges</firstterm> must be
granted.
There are several different kinds of privilege: <literal>SELECT</>,
<literal>INSERT</>, <literal>UPDATE</>, <literal>DELETE</>,
<literal>TRUNCATE</>, <literal>REFERENCES</>, <literal>TRIGGER</>,
<literal>CREATE</>, <literal>CONNECT</>, <literal>TEMPORARY</>,
<literal>EXECUTE</>, and <literal>USAGE</>.
For more information on the different types of privileges supported by
<productname>PostgreSQL</productname>, see the
<xref linkend="sql-grant"> reference page.
</para>
<para>
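Review bot: the new opening paragraph says "For most kinds of objects, the initial state is that only the owner (or a superuser) can do anything with the object" but never says which kinds are the exception; the text it replaces ("By default, only the owner of an object can do anything with the object") had no such qualifier. Object types that start out with privileges granted to PUBLIC are exactly the ones a reader locking down a database needs to know about, so either name them here or state that the sql-grant reference page linked at the end of the paragraph describes the default privileges per object type.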
...
...
@@ -1429,14 +1449,14 @@ ALTER TABLE products RENAME TO items;
the
owner
only
.
</
para
>
<
note
>
<
para
>
To
change
the
owner
of
a
table
,
index
,
sequence
,
or
view
,
use
the
<
xref
linkend
=
"sql-altertable"
>
command
.
There
are
corresponding
<
literal
>
ALTER
</>
commands
fo
r
other
object
types
.
</
para
>
</
note
>
<
para
>
An
object
can
be
assigned
to
a
new
owner
with
an
<
command
>
ALTER
</
command
>
command
of
the
appropriate
kind
for
the
object
,
e
.
g
.
<
xref
linkend
=
"sql-altertable"
>.
Superusers
can
always
do
this
;
ordinary
roles
can
only
do
it
if
they
are
both
the
current
owne
r
of
the
object
(
or
a
member
of
the
owning
role
)
and
a
member
of
the
new
owning
role
.
</
para
>
<
para
>
To
assign
privileges
,
the
<
command
>
GRANT
</
command
>
command
is
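Review bot: the new ownership paragraph offers sql-altertable only as an example ("e.g. <xref linkend="sql-altertable">"), while the note it replaces spelled out that ALTER TABLE is the command for a table, index, sequence, or view. A reader who wants to change the owner of an index or sequence loses that hint, so consider carrying the list of object kinds into the new sentence. The new paragraph also marks up ALTER as <command>ALTER</command> where the removed note used <literal>ALTER</>; pick one for consistency with the rest of the section.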
...
...
doc/src/sgml/user-manag.sgml
<!-- doc/src/sgml/user-manag.sgml -->
<chapter id="user-manag">
<title>Database Roles
and Privileges
</title>
<title>Database Roles</title>
<para>
<productname>PostgreSQL</productname> manages database access permissions
...
...
@@ -22,10 +22,9 @@
</para>
<para>
This chapter describes how to create and manage roles and introduces
the privilege system. More information about the various types of
database objects and the effects of privileges can be found in
<xref linkend="ddl">.
This chapter describes how to create and manage roles.
More information about the effects of privileges on various database
objects can be found in <xref linkend="ddl-priv">.
</para>
<sect1 id="database-roles">
...
...
@@ -282,81 +281,6 @@ ALTER ROLE myname SET enable_indexscan TO off;
</para>
</sect1>
<sect1 id="privileges">
<title>Privileges</title>
<indexterm zone="privileges">
<primary>privilege</primary>
</indexterm>
<indexterm zone="privileges">
<primary>owner</primary>
</indexterm>
<indexterm zone="privileges">
<primary>GRANT</primary>
</indexterm>
<indexterm zone="privileges">
<primary>REVOKE</primary>
</indexterm>
<para>
When an object is created, it is assigned an owner. The
owner is normally the role that executed the creation statement.
For most kinds of objects, the initial state is that only the owner
(or a superuser) can do anything with the object. To allow
other roles to use it, <firstterm>privileges</firstterm> must be
granted.
There are several different kinds of privilege: <literal>SELECT</>,
<literal>INSERT</>, <literal>UPDATE</>, <literal>DELETE</>,
<literal>TRUNCATE</>, <literal>REFERENCES</>, <literal>TRIGGER</>,
<literal>CREATE</>, <literal>CONNECT</>, <literal>TEMPORARY</>,
<literal>EXECUTE</>, and <literal>USAGE</>.
For more information on the different types of privileges supported by
<productname>PostgreSQL</productname>, see the
<xref linkend="sql-grant"> reference page.
</para>
<para>
To assign privileges, the <command>GRANT</command> command is
used. So, if <literal>joe</literal> is an existing role, and
<literal>accounts</literal> is an existing table, the privilege to
update the table can be granted with:
<programlisting>
GRANT UPDATE ON accounts TO joe;
</programlisting>
The special name <literal>PUBLIC</literal> can
be used to grant a privilege to every role on the system. Writing
<literal>ALL</literal> in place of a specific privilege specifies that all
privileges that apply to the object will be granted.
</para>
<para>
To revoke a privilege, use the fittingly named
<xref linkend="sql-revoke"> command:
<programlisting>
REVOKE ALL ON accounts FROM PUBLIC;
</programlisting>
</para>
<para>
The special privileges of an object's owner (i.e., the right to modify
or destroy the object) are always implicit in being the owner,
and cannot be granted or revoked. But the owner can choose
to revoke his own ordinary privileges, for example to make a
table read-only for himself as well as others.
</para>
<para>
An object can be assigned to a new owner with an <command>ALTER</command>
command of the appropriate kind for the object. Superusers can always do
this; ordinary roles can only do it if they are both the current owner
of the object (or a member of the owning role) and a member of the new
owning role.
</para>
</sect1>
<sect1 id="role-membership">
<title>Role Membership</title>
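Review bot: removing <sect1 id="privileges"> deletes the "privileges" link target, and the commit touches only ddl.sgml and user-manag.sgml, so any <xref linkend="privileges"> elsewhere in the documentation would be left dangling. Check the rest of doc/src/sgml for that linkend and retarget it to ddl-priv, as the chapter introduction in this file now does. The GRANT UPDATE ON accounts TO joe and REVOKE ALL ON accounts FROM PUBLIC examples and the paragraph on the owner's implicit privileges are dropped here as well, and the ddl.sgml hunks shown do not add them, so confirm the existing ddl-priv text already covers PUBLIC, ALL and owner self-revocation before this lands.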
...
...