Received: from malur.postgresql.org ([217.196.149.56])
	by arkaria.postgresql.org with esmtps
 (TLS1.2:ECDHE_RSA_AES_256_CBC_SHA384:256)
	(Exim 4.89)
	(envelope-from <pgsql-docs-owner+archive@lists.postgresql.org>)
	id 1eqxIt-0000Eg-Jj
	for pgsql-docs@arkaria.postgresql.org; Wed, 28 Feb 2018 08:41:36 +0000
Received: from localhost ([127.0.0.1] helo=malur.postgresql.org)
	by malur.postgresql.org with esmtp (Exim 4.89)
	(envelope-from <pgsql-docs-owner+archive@lists.postgresql.org>)
	id 1eqxIs-0005qE-R7
	for pgsql-docs@arkaria.postgresql.org; Wed, 28 Feb 2018 08:41:34 +0000
Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29])
	by malur.postgresql.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_CBC_SHA384:256)
	(Exim 4.89)
	(envelope-from <lehins@yandex.com>)
	id 1eqxFQ-0001z4-Dr
	for pgsql-docs@lists.postgresql.org; Wed, 28 Feb 2018 08:38:00 +0000
Received: from forward100o.mail.yandex.net ([2a02:6b8:0:1a2d::600])
	by magus.postgresql.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_CBC_SHA384:256)
	(Exim 4.89)
	(envelope-from <lehins@yandex.com>)
	id 1eqxFM-0002Wp-CI
	for pgsql-docs@postgresql.org; Wed, 28 Feb 2018 08:37:59 +0000
Received: from mxback2g.mail.yandex.net (mxback2g.mail.yandex.net
 [IPv6:2a02:6b8:0:1472:2741:0:8b7:163])
	by forward100o.mail.yandex.net (Yandex) with ESMTP id 846942A21ACD
	for <pgsql-docs@postgresql.org>; Wed, 28 Feb 2018 11:37:53 +0300 (MSK)
Received: from localhost (localhost [::1])
	by mxback2g.mail.yandex.net (nwsmtp/Yandex) with ESMTP id
 PTKUv66foJ-bqnGNv5i;
	Wed, 28 Feb 2018 11:37:52 +0300
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yandex.com; s=mail;
 t=1519807072;
	bh=lzAxH2qddIXQJ9J+9+vihtmJj0YwTyEk8SlK7bRGNEg=;
	h=From:To:In-Reply-To:References:Subject:Message-Id:Date;
	b=YAJX0EY4ew6/+Xh57TdRJ+ClX3LvrzePhR5cbVlsjZ3q+AD0jck3uiSoi0HV2feWU
	 nO8AL6HXcyDTCy7CcKTZAR8suNNVjzZyYTBDcYfAoaMmN98xcYTflfkXVfEG5/n2L3
	 BoU/oNlph+tp9Vy289YTOVHxaTEYF653hpxYF1/U=
Authentication-Results: mxback2g.mail.yandex.net;
 dkim=pass header.i=@yandex.com
Received: by web43j.yandex.ru with HTTP;
	Wed, 28 Feb 2018 11:37:52 +0300
From: Alexey Kuleshevich <lehins@yandex.com>
Envelope-From: lehins@yandex.by
To: "pgsql-docs@postgresql.org" <pgsql-docs@postgresql.org>
In-Reply-To: <867731519651440@web58j.yandex.ru>
References: <867731519651440@web58j.yandex.ru>
Subject: Re: GRANT and REVOKE grammar.
MIME-Version: 1.0
Message-Id: <503671519807072@web43j.yandex.ru>
X-Mailer: Yamail [ http://yandex.ru ] 5.0
Date: Wed, 28 Feb 2018 11:37:52 +0300
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset=utf-8
List-Id: <pgsql-docs.lists.postgresql.org>
List-Help: <https://lists.postgresql.org/manage/>
List-Subscribe: <https://lists.postgresql.org/manage/>
List-Post: <mailto:pgsql-docs@lists.postgresql.org>
List-Owner: <mailto:pgsql-docs-owner@lists.postgresql.org>
List-Archive: <https://www.postgresql.org/list/pgsql-docs>
Precedence: bulk



Just noticed that formatting isn't rendered properly in the mailing list archive on the postgresql website. Here is the plaintext version of the original email:


Hi all.

The way it is described in the documentation for GRANT syntax (https://www.postgresql.org/docs/10/static/sql-grant.html end all prior versions) doesn't look quite right. According to the doc, something like that shouldn't be possible: GRANT SELECT(field), TRUNCATE, INSERT(abc) ON TABLE foobar TO alexey, namely mixing privileges with column name in parens (eg. INSERT(abc)) and without (eg. TRUNCATE) in the same GRANT statement, but clearly it is correct syntax.

So instead of current grammar in the doc:

GRANT { { SELECT | INSERT | UPDATE | DELETE | TRUNCATE | REFERENCES | TRIGGER }
    [, ...] | ALL [ PRIVILEGES ] }
    ON { [ TABLE ] table_name [, ...]
         | ALL TABLES IN SCHEMA schema_name [, ...] }
    TO role_specification [, ...] [ WITH GRANT OPTION ]

GRANT { { SELECT | INSERT | UPDATE | REFERENCES } ( column_name [, ...] )
    [, ...] | ALL [ PRIVILEGES ] ( column_name [, ...] ) }
    ON [ TABLE ] table_name [, ...]
    TO role_specification [, ...] [ WITH GRANT OPTION ]
I suggest it should be:

GRANT { { SELECT | INSERT | UPDATE | DELETE | TRUNCATE | REFERENCES | TRIGGER }
    [, ...] | ALL [ PRIVILEGES ] }
    ON { ALL TABLES IN SCHEMA schema_name [, ...] }
    TO role_specification [, ...] [ WITH GRANT OPTION ]

GRANT { { { SELECT | INSERT | UPDATE | REFERENCES } [ ( column_name [, ...] ) ]
        | { DELETE | TRUNCATE | TRIGGER } }
    [, ...] | ALL [ PRIVILEGES ] [ ( column_name [, ...] ) ] }
    ON [ TABLE ] table_name [, ...]
    TO role_specification [, ...] [ WITH GRANT OPTION ]
Does it make sense, or am I tripping?

Alternatively it could be:

GRANT { { SELECT | INSERT | UPDATE | DELETE | TRUNCATE | REFERENCES | TRIGGER }
    [, ...] | ALL [ PRIVILEGES ] }
    ON { [ TABLE ] table_name [, ...]
         | ALL TABLES IN SCHEMA schema_name [, ...] }
    TO role_specification [, ...] [ WITH GRANT OPTION ]

GRANT { { SELECT | INSERT | UPDATE | REFERENCES } [ ( column_name [, ...] ) ]
    [, ...] | ALL [ PRIVILEGES ] [ ( column_name [, ...] ) ] }
    ON [ TABLE ] table_name [, ...]
    TO role_specification [, ...] [ WITH GRANT OPTION ]
Note the [] around [ ( column_name [, ...] ) ], but the former is a bit clearer, I think.

Identical issue and solution applies to REVOKE syntax: https://www.postgresql.org/docs/10/static/sql-revoke.html

Forgive me if I am wrong, not a daily PostgreSQL user.



Thank you.

Alexey.