public inbox for [email protected]
help / color / mirror / Atom feedFrom: Alexey Kuleshevich <[email protected]>
To: [email protected] <[email protected]>
Subject: Re: GRANT and REVOKE grammar.
Date: Wed, 28 Feb 2018 11:37:52 +0300
Message-ID: <[email protected]> (raw)
In-Reply-To: <[email protected]>
References: <[email protected]>
Just noticed that formatting isn't rendered properly in the mailing list archive on the postgresql website. Here is the plaintext version of the original email:
Hi all.
The way it is described in the documentation for GRANT syntax (https://www.postgresql.org/docs/10/static/sql-grant.html end all prior versions) doesn't look quite right. According to the doc, something like that shouldn't be possible: GRANT SELECT(field), TRUNCATE, INSERT(abc) ON TABLE foobar TO alexey, namely mixing privileges with column name in parens (eg. INSERT(abc)) and without (eg. TRUNCATE) in the same GRANT statement, but clearly it is correct syntax.
So instead of current grammar in the doc:
GRANT { { SELECT | INSERT | UPDATE | DELETE | TRUNCATE | REFERENCES | TRIGGER }
[, ...] | ALL [ PRIVILEGES ] }
ON { [ TABLE ] table_name [, ...]
| ALL TABLES IN SCHEMA schema_name [, ...] }
TO role_specification [, ...] [ WITH GRANT OPTION ]
GRANT { { SELECT | INSERT | UPDATE | REFERENCES } ( column_name [, ...] )
[, ...] | ALL [ PRIVILEGES ] ( column_name [, ...] ) }
ON [ TABLE ] table_name [, ...]
TO role_specification [, ...] [ WITH GRANT OPTION ]
I suggest it should be:
GRANT { { SELECT | INSERT | UPDATE | DELETE | TRUNCATE | REFERENCES | TRIGGER }
[, ...] | ALL [ PRIVILEGES ] }
ON { ALL TABLES IN SCHEMA schema_name [, ...] }
TO role_specification [, ...] [ WITH GRANT OPTION ]
GRANT { { { SELECT | INSERT | UPDATE | REFERENCES } [ ( column_name [, ...] ) ]
| { DELETE | TRUNCATE | TRIGGER } }
[, ...] | ALL [ PRIVILEGES ] [ ( column_name [, ...] ) ] }
ON [ TABLE ] table_name [, ...]
TO role_specification [, ...] [ WITH GRANT OPTION ]
Does it make sense, or am I tripping?
Alternatively it could be:
GRANT { { SELECT | INSERT | UPDATE | DELETE | TRUNCATE | REFERENCES | TRIGGER }
[, ...] | ALL [ PRIVILEGES ] }
ON { [ TABLE ] table_name [, ...]
| ALL TABLES IN SCHEMA schema_name [, ...] }
TO role_specification [, ...] [ WITH GRANT OPTION ]
GRANT { { SELECT | INSERT | UPDATE | REFERENCES } [ ( column_name [, ...] ) ]
[, ...] | ALL [ PRIVILEGES ] [ ( column_name [, ...] ) ] }
ON [ TABLE ] table_name [, ...]
TO role_specification [, ...] [ WITH GRANT OPTION ]
Note the [] around [ ( column_name [, ...] ) ], but the former is a bit clearer, I think.
Identical issue and solution applies to REVOKE syntax: https://www.postgresql.org/docs/10/static/sql-revoke.html
Forgive me if I am wrong, not a daily PostgreSQL user.
Thank you.
Alexey.
view thread (2+ messages)
reply
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Reply to all the recipients using the --to and --cc options:
reply via email
To: [email protected]
Cc: [email protected]
Subject: Re: GRANT and REVOKE grammar.
In-Reply-To: <[email protected]>
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox