diff options
| -rw-r--r-- | doc/src/sgml/ref/grant.sgml | 11 | ||||
| -rw-r--r-- | doc/src/sgml/ref/revoke.sgml | 7 | ||||
| -rw-r--r-- | doc/src/sgml/user-manag.sgml | 6 |
3 files changed, 16 insertions, 8 deletions
diff --git a/doc/src/sgml/ref/grant.sgml b/doc/src/sgml/ref/grant.sgml index 9b1ed1aebae..d846cd07fde 100644 --- a/doc/src/sgml/ref/grant.sgml +++ b/doc/src/sgml/ref/grant.sgml @@ -1,5 +1,5 @@ <!-- -$PostgreSQL: pgsql/doc/src/sgml/ref/grant.sgml,v 1.59 2006/07/20 18:00:03 momjian Exp $ +$PostgreSQL: pgsql/doc/src/sgml/ref/grant.sgml,v 1.60 2006/08/02 16:29:49 tgl Exp $ PostgreSQL documentation --> @@ -50,8 +50,7 @@ GRANT { CREATE | ALL [ PRIVILEGES ] } ON TABLESPACE <replaceable>tablespacename</> [, ...] TO { <replaceable class="PARAMETER">username</replaceable> | GROUP <replaceable class="PARAMETER">groupname</replaceable> | PUBLIC } [, ...] [ WITH GRANT OPTION ] -GRANT <replaceable class="PARAMETER">role</replaceable> [, ...] - TO { <replaceable class="PARAMETER">username</replaceable> | GROUP <replaceable class="PARAMETER">groupname</replaceable> | PUBLIC } [, ...] [ WITH ADMIN OPTION ] +GRANT <replaceable class="PARAMETER">role</replaceable> [, ...] TO <replaceable class="PARAMETER">username</replaceable> [, ...] [ WITH ADMIN OPTION ] </synopsis> </refsynopsisdiv> @@ -325,6 +324,12 @@ GRANT <replaceable class="PARAMETER">role</replaceable> [, ...] Roles having <literal>CREATEROLE</> privilege can grant or revoke membership in any role that is not a superuser. </para> + + <para> + Unlike the case with privileges, membership in a role cannot be granted + to <literal>PUBLIC</>. Note also that this form of the command does not + allow the noise word <literal>GROUP</>. + </para> </refsect2> </refsect1> diff --git a/doc/src/sgml/ref/revoke.sgml b/doc/src/sgml/ref/revoke.sgml index bccb8010b5f..df38437436f 100644 --- a/doc/src/sgml/ref/revoke.sgml +++ b/doc/src/sgml/ref/revoke.sgml @@ -1,5 +1,5 @@ <!-- -$PostgreSQL: pgsql/doc/src/sgml/ref/revoke.sgml,v 1.38 2006/04/30 21:15:33 tgl Exp $ +$PostgreSQL: pgsql/doc/src/sgml/ref/revoke.sgml,v 1.39 2006/08/02 16:29:49 tgl Exp $ PostgreSQL documentation --> @@ -65,8 +65,7 @@ REVOKE [ GRANT OPTION FOR ] [ CASCADE | RESTRICT ] REVOKE [ ADMIN OPTION FOR ] - <replaceable class="PARAMETER">role</replaceable> [, ...] - FROM { <replaceable class="PARAMETER">username</replaceable> | GROUP <replaceable class="PARAMETER">groupname</replaceable> | PUBLIC } [, ...] + <replaceable class="PARAMETER">role</replaceable> [, ...] FROM <replaceable class="PARAMETER">username</replaceable> [, ...] [ CASCADE | RESTRICT ] </synopsis> </refsynopsisdiv> @@ -119,6 +118,8 @@ REVOKE [ ADMIN OPTION FOR ] <para> When revoking membership in a role, <literal>GRANT OPTION</> is instead called <literal>ADMIN OPTION</>, but the behavior is similar. + Note also that this form of the command does not + allow the noise word <literal>GROUP</>. </para> </refsect1> diff --git a/doc/src/sgml/user-manag.sgml b/doc/src/sgml/user-manag.sgml index 41e60200919..c86837d1f7a 100644 --- a/doc/src/sgml/user-manag.sgml +++ b/doc/src/sgml/user-manag.sgml @@ -1,4 +1,4 @@ -<!-- $PostgreSQL: pgsql/doc/src/sgml/user-manag.sgml,v 1.35 2006/04/30 21:15:32 tgl Exp $ --> +<!-- $PostgreSQL: pgsql/doc/src/sgml/user-manag.sgml,v 1.36 2006/08/02 16:29:49 tgl Exp $ --> <chapter id="user-manag"> <title>Database Roles and Privileges</title> @@ -375,7 +375,9 @@ REVOKE <replaceable>group_role</replaceable> FROM <replaceable>role1</replaceabl </synopsis> You can grant membership to other group roles, too (since there isn't really any distinction between group roles and non-group roles). The - only restriction is that you can't set up circular membership loops. + database will not let you set up circular membership loops. Also, + it is not permitted to grant membership in a role to + <literal>PUBLIC</literal>. </para> <para> |