On 1/7/06, Bruce Momjian <pgman@candle.pha.pa.us> wrote: > Marko Kreen wrote: > > The above table seem bit messy, but I see it as much easier to explain > > to somebody. > > I am confused about your list above, so I can't see how that would be > easy to explain.
Easy as in "use GRANT USAGE, forget about rest". You are confused because you know the old way and look them together. I would have liked to say "the rest are for fine-grained access control", but with Tom's final proposal, the explanation would continue "SELECT, UPDATE are for backwards compatibility". Attached is a patch that fixes tablename->seqname and puts USAGE as first in list to show it's the preferred way. I think it should be mentioned somewhere explicitly, but I cant find proper place for it. In the Compatibility section for GRANT? -- marko
Index: pgsql/doc/src/sgml/ref/grant.sgml =================================================================== *** pgsql.orig/doc/src/sgml/ref/grant.sgml --- pgsql/doc/src/sgml/ref/grant.sgml *************** GRANT { { SELECT | INSERT | UPDATE | DEL *** 25,33 **** ON [ TABLE ] <replaceable class="PARAMETER">tablename</replaceable> [, ...] TO { <replaceable class="PARAMETER">username</replaceable> | GROUP <replaceable class="PARAMETER">groupname</replaceable> | PUBLIC } [, ...] [ WITH GRANT OPTION ] ! GRANT { { SELECT | USAGE | UPDATE } [,...] | ALL [ PRIVILEGES ] } ! ON SEQUENCE <replaceable class="PARAMETER">tablename</replaceable> [, ...] TO { <replaceable class="PARAMETER">username</replaceable> | GROUP <replaceable class="PARAMETER">groupname</replaceable> | PUBLIC } [, ...] [ WITH GRANT OPTION ] GRANT { { CREATE | TEMPORARY | TEMP } [,...] | ALL [ PRIVILEGES ] } --- 25,33 ---- ON [ TABLE ] <replaceable class="PARAMETER">tablename</replaceable> [, ...] TO { <replaceable class="PARAMETER">username</replaceable> | GROUP <replaceable class="PARAMETER">groupname</replaceable> | PUBLIC } [, ...] [ WITH GRANT OPTION ] ! GRANT { { USAGE | SELECT | UPDATE } [,...] | ALL [ PRIVILEGES ] } ! ON SEQUENCE <replaceable class="PARAMETER">sequencename</replaceable> [, ...] TO { <replaceable class="PARAMETER">username</replaceable> | GROUP <replaceable class="PARAMETER">groupname</replaceable> | PUBLIC } [, ...] [ WITH GRANT OPTION ] GRANT { { CREATE | TEMPORARY | TEMP } [,...] | ALL [ PRIVILEGES ] } Index: pgsql/doc/src/sgml/ref/revoke.sgml =================================================================== *** pgsql.orig/doc/src/sgml/ref/revoke.sgml --- pgsql/doc/src/sgml/ref/revoke.sgml *************** REVOKE [ GRANT OPTION FOR ] *** 28,36 **** [ CASCADE | RESTRICT ] REVOKE [ GRANT OPTION FOR ] ! { { SELECT | UPDATE } [,...] | ALL [ PRIVILEGES ] } ! ON SEQUENCE <replaceable class="PARAMETER">tablename</replaceable> [, ...] FROM { <replaceable class="PARAMETER">username</replaceable> | GROUP <replaceable class="PARAMETER">groupname</replaceable> | PUBLIC } [, ...] [ CASCADE | RESTRICT ] --- 28,36 ---- [ CASCADE | RESTRICT ] REVOKE [ GRANT OPTION FOR ] ! { { USAGE | SELECT | UPDATE } [,...] | ALL [ PRIVILEGES ] } ! ON SEQUENCE <replaceable class="PARAMETER">sequencename</replaceable> [, ...] FROM { <replaceable class="PARAMETER">username</replaceable> | GROUP <replaceable class="PARAMETER">groupname</replaceable> | PUBLIC } [, ...] [ CASCADE | RESTRICT ]
---------------------------(end of broadcast)--------------------------- TIP 5: don't forget to increase your free space map settings