revoke.sgml
上传用户:blenddy
上传日期:2007-01-07
资源大小:6495k
文件大小:9k
- <refentry id="SQL-REVOKE">
- <refmeta>
- <refentrytitle>
- REVOKE
- </refentrytitle>
- <refmiscinfo>SQL - Language Statements</refmiscinfo>
- </refmeta>
- <refnamediv>
- <refname>
- REVOKE
- </refname>
- <refpurpose>
- Revokes access privilege from a user, a group or all users.
- </refpurpose>
- </refnamediv>
- <refsynopsisdiv>
- <refsynopsisdivinfo>
- <date>1998-09-24</date>
- </refsynopsisdivinfo>
- <synopsis>
- REVOKE <replaceable class="PARAMETER">privilege</replaceable> [, ...]
- ON <replaceable class="PARAMETER">object</replaceable> [, ...]
- FROM { PUBLIC | GROUP <replaceable class="PARAMETER">ER">g</replaceable>BLE> | <replaceable class="PARAMETER">username</replaceable> }
- </synopsis>
- <refsect2 id="R2-SQL-REVOKE-1">
- <refsect2info>
- <date>1998-09-24</date>
- </refsect2info>
- <title>
- Inputs
- </title>
- <para>
- <variablelist>
- <varlistentry>
- <term><replaceable class="PARAMETER">privilege</replaceable></term>
- <listitem>
- <para>
- The possible privileges are:
- <variablelist>
- <varlistentry>
- <term>SELECT</term>
- <listitem>
- <para>
- Privilege to access all of the columns of a specific
- table/view.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>INSERT</term>
- <listitem>
- <para>
- Privilege to insert data into all columns of a
- specific table.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>UPDATE</term>
- <listitem>
- <para>
- Privilege to update all columns of a specific
- table.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>DELETE</term>
- <listitem>
- <para>
- Privilege to delete rows from a specific table.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>RULE</term>
- <listitem>
- <para>
- Privilege to define rules on table/view.
- (See <command>CREATE RULE</command>).
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>ALL</term>
- <listitem>
- <para>
- Rescind all privileges.
- </para>
- </listitem>
- </varlistentry>
- </variablelist>
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term><replaceable class="PARAMETER">object</replaceable></term>
- <listitem>
- <para>
- The name of an object from which to revoke access.
- The possible objects are:
- <itemizedlist spacing="compact" mark="bullet">
- <listitem>
- <para>
- table
- </para>
- </listitem>
- <listitem>
- <para>
- view
- </para>
- </listitem>
- <listitem>
- <para>
- sequence
- </para>
- </listitem>
- <listitem>
- <para>
- index
- </para>
- </listitem>
- </itemizedlist>
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term><replaceable class="PARAMETER">group</replaceable></term>
- <listitem>
- <para>
- The name of a group from whom to revoke privileges.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term><replaceable class="PARAMETER">username</replaceable></term>
- <listitem>
- <para>
- The name of a user from whom revoke privileges. Use the PUBLIC keyword
- to specify all users.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>PUBLIC</term>
- <listitem>
- <para>
- Rescind the specified privilege(s) for all users.
- </para>
- </listitem>
- </varlistentry>
- </variablelist>
- </para>
- </refsect2>
- <refsect2 id="R2-SQL-REVOKE-2">
- <refsect2info>
- <date>1998-09-24</date>
- </refsect2info>
- <title>
- Outputs
- </title>
- <para>
- <variablelist>
- <varlistentry>
- <term><computeroutput>
- CHANGE
- </computeroutput></term>
- <listitem>
- <para>
- Message returned if successfully.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term><computeroutput>
- ERROR
- </computeroutput></term>
- <listitem>
- <para>
- Message returned if object is not available or impossible
- to revoke privileges from a group or users.
- </para>
- </listitem>
- </varlistentry>
- </variablelist>
- </para>
- </refsect2>
- </refsynopsisdiv>
- <refsect1 id="R1-SQL-REVOKE-1">
- <refsect1info>
- <date>1998-09-24</date>
- </refsect1info>
- <title>
- Description
- </title>
- <para>
- <command>REVOKE</command> allows creator of an object to revoke permissions granted
- before, from all users (via PUBLIC) or a certain user or group.
- </para>
- <refsect2 id="R2-SQL-REVOKE-3">
- <refsect2info>
- <date>1998-09-24</date>
- </refsect2info>
- <title>
- Notes
- </title>
- <para>
- Refer to psql z command for further information about permissions
- on existing objects:
- <programlisting>
- Database = lusitania
- +------------------+---------------------------------------------+
- | Relation | Grant/Revoke Permissions |
- +------------------+---------------------------------------------+
- | mytable | {"=rw","miriam=arwR","group todos=rw"} |
- +------------------+---------------------------------------------+
- Legend:
- uname=arwR -- privileges granted to a user
- group gname=arwR -- privileges granted to a GROUP
- =arwR -- privileges granted to PUBLIC
-
- r -- SELECT
- w -- UPDATE/DELETE
- a -- INSERT
- R -- RULE
- arwR -- ALL
- </programlisting>
- </para>
- <tip>
- <para>
- Currently, to create a GROUP you have to insert
- data manually into table pg_group as:
- <programlisting>
- INSERT INTO pg_group VALUES ('todos');
- CREATE USER miriam IN GROUP todos;
- </programlisting>
- </para>
- </tip>
- </refsect2>
- </refsect1>
- <refsect1 id="R1-SQL-REVOKE-2">
- <title>
- Usage
- </title>
- <para>
- Revoke insert privilege from all users on table
- <literal>films</literal>:
- <programlisting>
- REVOKE INSERT ON films FROM PUBLIC;
- </programlisting>
- </para>
- <para>
- Revoke all privileges from user <literal>manuel</literal> on view <literal>kinds</literal>:
- <programlisting>
- REVOKE ALL ON kinds FROM manuel;
- </programlisting>
- </para>
- </refsect1>
- <refsect1 id="R1-SQL-REVOKE-3">
- <title>
- Compatibility
- </title>
- <refsect2 id="R2-SQL-REVOKE-4">
- <refsect2info>
- <date>1998-09-01</date>
- </refsect2info>
- <title>
- SQL92
- </title>
- <para>
- The SQL92 syntax for <command>REVOKE</command>
- has additional capabilities for rescinding
- privileges, including those on individual columns in tables:
- <variablelist>
- <varlistentry>
- <term>
- <synopsis>
- REVOKE { SELECT | DELETE | USAGE | ALL PRIVILEGES } [, ...]
- ON <replaceable class="parameter">object</replaceable>
- FROM { PUBLIC | <replaceable class="parameter">username</replaceable> [, ...] } { RESTRICT | CASCADE }
- REVOKE { INSERT | UPDATE | REFERENCES } [, ...] [ ( <replaceable class="parameter">column</replaceable> [, ...] ) ]
- ON <replaceable class="parameter">object</replaceable>
- FROM { PUBLIC | <replaceable class="parameter">username</replaceable> [, ...] } { RESTRICT | CASCADE }
- </synopsis>
- </term>
- <listitem>
- <para>
- Refer to <command>GRANT</command> for details on individual fields.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry>
- <term>
- <synopsis>
- REVOKE GRANT OPTION FOR <replaceable class="parameter">privilege</replaceable> [, ...]
- ON <replaceable class="parameter">object</replaceable>
- FROM { PUBLIC | <replaceable class="parameter">username</replaceable> [, ...] } { RESTRICT | CASCADE }
- </synopsis>
- </term>
- <listitem>
- <para>
- Rescinds authority for a user to grant the specified privilege
- to others.
- Refer to the <command>GRANT</command> command for details
- on individual fields.
- </para>
- </listitem>
- </varlistentry>
- </variablelist>
- </para>
- <para>
- The possible objects are:
- <simplelist>
- <member>
- [ TABLE ] table/view
- </member>
- <member>
- CHARACTER SET character-set
- </member>
- <member>
- COLLATION collation
- </member>
- <member>
- TRANSLATION translation
- </member>
- <member>
- DOMAIN domain
- </member>
- </simplelist>
- </para>
- <para>
- If user1 gives a privilege WITH GRANT OPTION to user2,
- and user2 gives it to user3 then user1 can revoke
- this privilege in cascade using the CASCADE keyword.
- </para>
- <para>
- If user1 gives a privilege WITH GRANT OPTION to user2,
- and user2 gives it to user3 then if user1 try revoke
- this privilege it fails if he/she specify the RESTRICT
- keyword.
- </para>
- </refsect2>
- </refsect1>
- </refentry>
- <!-- Keep this comment at the end of the file
- Local variables:
- mode: sgml
- sgml-omittag:nil
- sgml-shorttag:t
- sgml-minimize-attributes:nil
- sgml-always-quote-attributes:t
- sgml-indent-step:1
- sgml-indent-data:t
- sgml-parent-document:nil
- sgml-default-dtd-file:"../reference.ced"
- sgml-exposed-tags:nil
- sgml-local-catalogs:"/usr/lib/sgml/catalog"
- sgml-local-ecat-files:nil
- End:
- -->