GRANT and REVOKE grammar.

Mon, 26 Feb 2018 05:35:25 -0800

Hi all.

The way it is described in the documentation for GRANT syntax (https://www.postgresql.org/docs/10/static/sql-grant.html end all prior versions) doesn't look quite right. According to the doc, something like that shouldn't be possible: GRANT SELECT(field), TRUNCATE, INSERT(abc) ON TABLE foobar TO alexey, namely mixing privileges with column name in parens (eg. INSERT(abc)) and without (eg. TRUNCATE) in the same GRANT statement, but clearly it is correct syntax.

So instead of current grammar in the doc:

GRANT { { SELECT | INSERT | UPDATE | DELETE | TRUNCATE | REFERENCES | TRIGGER }
    [, ...] | ALL [ PRIVILEGES ] }
    ON { [ TABLE ] table_name [, ...]
         | ALL TABLES IN SCHEMA schema_name [, ...] }
    TO role_specification [, ...] [ WITH GRANT OPTION ]

GRANT { { SELECT | INSERT | UPDATE | REFERENCES } ( column_name [, ...] )
    [, ...] | ALL [ PRIVILEGES ] ( column_name [, ...] ) }
    ON [ TABLE ] table_name [, ...]
    TO role_specification [, ...] [ WITH GRANT OPTION ]

I suggest it should be:

GRANT { { SELECT | INSERT | UPDATE | DELETE | TRUNCATE | REFERENCES | TRIGGER }
    [, ...] | ALL [ PRIVILEGES ] }
    ON { ALL TABLES IN SCHEMA schema_name [, ...] }
    TO role_specification [, ...] [ WITH GRANT OPTION ]

GRANT { { { SELECT | INSERT | UPDATE | REFERENCES } [ ( column_name [, ...] ) ]
        | { DELETE | TRUNCATE | TRIGGER } }
    [, ...] | ALL [ PRIVILEGES ] [ ( column_name [, ...] ) ] }
    ON [ TABLE ] table_name [, ...]
    TO role_specification [, ...] [ WITH GRANT OPTION ]

Does it make sense, or am I tripping?

Alternatively it could be:

GRANT { { SELECT | INSERT | UPDATE | DELETE | TRUNCATE | REFERENCES | TRIGGER }
    [, ...] | ALL [ PRIVILEGES ] }
    ON { [ TABLE ] table_name [, ...]
         | ALL TABLES IN SCHEMA schema_name [, ...] }
    TO role_specification [, ...] [ WITH GRANT OPTION ]

GRANT { { SELECT | INSERT | UPDATE | REFERENCES } [ ( column_name [, ...] ) ]
    [, ...] | ALL [ PRIVILEGES ] [ ( column_name [, ...] ) ] }
    ON [ TABLE ] table_name [, ...]
    TO role_specification [, ...] [ WITH GRANT OPTION ]

Note the [] around [ ( column_name [, ...] ) ], but the former is a bit clearer, I think.

Identical issue and solution applies to REVOKE syntax: https://www.postgresql.org/docs/10/static/sql-revoke.html

Forgive me if I am wrong, not a daily PostgreSQL user.

 

Thank you.

Alexey.

Reply via email to