On 1/7/06, Bruce Momjian <[email protected]> wrote:
> Marko Kreen wrote:
> > The above table seem bit messy, but I see it as much easier to explain
> > to somebody.
>
> I am confused about your list above, so I can't see how that would be
> easy to explain.
Easy as in "use GRANT USAGE, forget about rest". You are confused
because you know the old way and look them together.
I would have liked to say "the rest are for fine-grained access control",
but with Tom's final proposal, the explanation would continue "SELECT,
UPDATE are for backwards compatibility".
Attached is a patch that fixes tablename->seqname and puts USAGE
as first in list to show it's the preferred way. I think it should
be mentioned somewhere explicitly, but I cant find proper place for
it. In the Compatibility section for GRANT?
--
marko
Index: pgsql/doc/src/sgml/ref/grant.sgml
===================================================================
*** pgsql.orig/doc/src/sgml/ref/grant.sgml
--- pgsql/doc/src/sgml/ref/grant.sgml
*************** GRANT { { SELECT | INSERT | UPDATE | DEL
*** 25,33 ****
ON [ TABLE ] <replaceable class="PARAMETER">tablename</replaceable> [, ...]
TO { <replaceable class="PARAMETER">username</replaceable> | GROUP <replaceable class="PARAMETER">groupname</replaceable> | PUBLIC } [, ...] [ WITH GRANT OPTION ]
! GRANT { { SELECT | USAGE | UPDATE }
[,...] | ALL [ PRIVILEGES ] }
! ON SEQUENCE <replaceable class="PARAMETER">tablename</replaceable> [, ...]
TO { <replaceable class="PARAMETER">username</replaceable> | GROUP <replaceable class="PARAMETER">groupname</replaceable> | PUBLIC } [, ...] [ WITH GRANT OPTION ]
GRANT { { CREATE | TEMPORARY | TEMP } [,...] | ALL [ PRIVILEGES ] }
--- 25,33 ----
ON [ TABLE ] <replaceable class="PARAMETER">tablename</replaceable> [, ...]
TO { <replaceable class="PARAMETER">username</replaceable> | GROUP <replaceable class="PARAMETER">groupname</replaceable> | PUBLIC } [, ...] [ WITH GRANT OPTION ]
! GRANT { { USAGE | SELECT | UPDATE }
[,...] | ALL [ PRIVILEGES ] }
! ON SEQUENCE <replaceable class="PARAMETER">sequencename</replaceable> [, ...]
TO { <replaceable class="PARAMETER">username</replaceable> | GROUP <replaceable class="PARAMETER">groupname</replaceable> | PUBLIC } [, ...] [ WITH GRANT OPTION ]
GRANT { { CREATE | TEMPORARY | TEMP } [,...] | ALL [ PRIVILEGES ] }
Index: pgsql/doc/src/sgml/ref/revoke.sgml
===================================================================
*** pgsql.orig/doc/src/sgml/ref/revoke.sgml
--- pgsql/doc/src/sgml/ref/revoke.sgml
*************** REVOKE [ GRANT OPTION FOR ]
*** 28,36 ****
[ CASCADE | RESTRICT ]
REVOKE [ GRANT OPTION FOR ]
! { { SELECT | UPDATE }
[,...] | ALL [ PRIVILEGES ] }
! ON SEQUENCE <replaceable class="PARAMETER">tablename</replaceable> [, ...]
FROM { <replaceable class="PARAMETER">username</replaceable> | GROUP <replaceable class="PARAMETER">groupname</replaceable> | PUBLIC } [, ...]
[ CASCADE | RESTRICT ]
--- 28,36 ----
[ CASCADE | RESTRICT ]
REVOKE [ GRANT OPTION FOR ]
! { { USAGE | SELECT | UPDATE }
[,...] | ALL [ PRIVILEGES ] }
! ON SEQUENCE <replaceable class="PARAMETER">sequencename</replaceable> [, ...]
FROM { <replaceable class="PARAMETER">username</replaceable> | GROUP <replaceable class="PARAMETER">groupname</replaceable> | PUBLIC } [, ...]
[ CASCADE | RESTRICT ]
---------------------------(end of broadcast)---------------------------
TIP 5: don't forget to increase your free space map settings
