When an object is created, it is assigned an owner. The owner is normally the role that executed the creation statement. For most kinds of objects, the initial state is that only the owner (or a superuser) can do anything with the object. To allow other roles to use it, privilegesmust be granted

There are different kinds of privileges: SELECTINSERTUPDATEDELETETRUNCATEREFERENCESTRIGGERCREATECONNECTTEMPORARYEXECUTE, and USAGE. The privileges applicable to a particular object vary depending on the object's type (table, function, etc). For complete information on the different types of privileges supported by PostgreSQL, refer to the GRANT reference page. The following sections and chapters will also show you how those privileges are used.

The right to modify or destroy an object is always the privilege of the owner only.

An object can be assigned to a new owner with an ALTER command of the appropriate kind for the object, e.g. ALTER TABLE. Superusers can always do this; ordinary roles can only do it if they are both the current owner of the object (or a member of the owning role) and a member of the new owning role.

To assign privileges, the GRANT command is used. For example, if joe is an existing user, and accounts is an existing table, the privilege to update the table can be granted with:

GRANT UPDATE ON accounts TO joe;

Writing ALL in place of a specific privilege grants all privileges that are relevant for the object type.

The special "user" name PUBLIC can be used to grant a privilege to every user on the system. Also, "group" roles can be set up to help manage privileges when there are many users of a database — for details see Chapter 20.

To revoke a privilege, use the fittingly named REVOKE command:

REVOKE ALL ON accounts FROM PUBLIC;

The special privileges of the object owner (i.e., the right to do DROPGRANTREVOKE, etc.) are always implicit in being the owner, and cannot be granted or revoked. But the object owner can choose to revoke his own ordinary privileges, for example to make a table read-only for himself as well as others.

Ordinarily, only the object's owner (or a superuser) can grant or revoke privileges on an object. However, it is possible to grant a privilege "with grant option", which gives the recipient the right to grant it in turn to others. If the grant option is subsequently revoked then all who received the privilege from that recipient (directly or through a chain of grants) will lose the privilege. For details see the GRANT and REVOKE reference pages.

 
 

postgreSQL 之 Privilege & grant & revoke(未完待续)的更多相关文章

  1. 我的SQL总结---未完待续

    我的SQL总结---未完待续 版权声明:本文为博主原创文章,未经博主允许不得转载. 总结: 主要的SQL 语句: 数据操作(select, insert, delete, update) 访问控制(g ...

  2. 命令行操作mysql 未完待续......

    复制数据表 create table 新表 like 旧表: 删除表中某个字段 alter table 表名 drop column 字段; 例子: alter table news_apply_lo ...

  3. javascript有用小功能总结(未完待续)

    1)javascript让页面标题滚动效果 代码如下: <title>您好,欢迎访问我的博客</title> <script type="text/javasc ...

  4. ASP.NET MVC 系列随笔汇总[未完待续……]

    ASP.NET MVC 系列随笔汇总[未完待续……] 为了方便大家浏览所以整理一下,有的系列篇幅中不是很全面以后会慢慢的补全的. 学前篇之: ASP.NET MVC学前篇之扩展方法.链式编程 ASP. ...

  5. 关于DOM的一些总结(未完待续......)

    DOM 实例1:购物车实例(数量,小计和总计的变化) 这里主要是如何获取页面元素的节点: document.getElementById("...") cocument.query ...

  6. virtualbox搭建ubuntu server nginx+mysql+tomcat web服务器1 (未完待续)

    virtualbox搭建ubuntu server nginx+mysql+tomcat web服务器1 (未完待续) 第一次接触到 linux,不知道linux的确很强大,然后用virtualbox ...

  7. MVC丶 (未完待续······)

         希望你看了此小随 可以实现自己的MVC框架     也祝所有的程序员身体健康一切安好                                                     ...

  8. 一篇文章让Oracle程序猿学会MySql【未完待续】

    一篇文章让Oracle DB学会MySql[未完待续] 随笔前言: 本篇文章是针对已经能够熟练使用Oracle数据库的DB所写的快速学会MySql,为什么敢这么说,是因为本人认为Oracle在功能性方 ...

  9. [python]爬代理ip v2.0(未完待续)

    爬代理ip 所有的代码都放到了我的github上面, HTTP代理常识 HTTP代理按匿名度可分为透明代理.匿名代理和高度匿名代理. 特别感谢:勤奋的小孩 在评论中指出我文章中的错误. REMOTE_ ...

随机推荐

  1. 用js刷剑指offer(合并两个排序的链表)

    题目描述 输入两个单调递增的链表,输出两个链表合成后的链表,当然我们需要合成后的链表满足单调不减规则. 牛客网链接 js代码 /*function ListNode(x){ this.val = x; ...

  2. Java基础 反射的基础应用和Class笔记

    笔记: /**直接 throws Exception,完美包含全部异常! * --------------------------- * Class: * 首先创建一个类, 接着编译程序: javac ...

  3. zznu-oj-2117 : 我已经在路上了(求函数的原函数的字符串)--【暴力模拟题,花式模拟题,String大法好】

    2117 : 我已经在路上了 时间限制:1 Sec 内存限制:256 MiB提交:39 答案正确:8 提交 状态 编辑 讨论区 题目描述 spring是不折不扣的学霸,那可是机房考研中的头号选手,不吹 ...

  4. csrf简单明了( 转发)

    https://www.daguanren.cc/post/csrf-introduction.html csrf_token = request.META.get('CSRF_COOKIE') re ...

  5. Excle导出优化(poi)

    搜索词条 1.idea报java.lang.OutOfMemoryError: Java heap space怎么解决? 2.java.lang.OutOfMemoryError: GC overhe ...

  6. 本月周六周日LIST集合

    最近项目中有用到本月所有的周六,周日,特此分享一下! 算法思路:写一个循环,条件为本月开始日期.本月截至日期,通过循环获取第一个周六,加一天就是周日,每增加六天就是下一个周六,依次类推,循环到月末 代 ...

  7. 2014年9月9日 高级命令command的使用(上)

    上次说到了菜单 工具条按钮 上下文菜单都已经改为用command的方式去做了,这次稍微详细地说说. 在command的实现拓展点handler上右键,可以看到有enabledWhen,activeWh ...

  8. 2019牛客多校D move——乱搞&&思维题

    题意 给定 $n$ 个物品,体积分别为 $v_i$,现有 $K$ 的容积一样的箱子,按如下策略装入物品:每次选取尽可能大的装入(较大的不能装入时可以向小的找),依次装入箱子. 分析 首先,不具有严格的 ...

  9. 第一篇博客-MVC路由简述

    一直念叨着写博客,可是迟迟不见下笔,工作到现在,技术长进了一点,但是记的东西都很杂,也没个思路,也不知道怎么去写一遍博客,现在在做MVC,写一点跟MVC有关的吧. 我们都知道MVC程序的所有请求都是先 ...

  10. springboot项目:以run as-->spring boot app方式启动,配置热部署(亲测可用!!!)

    1.在pom.xml中添加热部署依赖 <!-- 热部署 --> <!-- devtools可以实现页面热部署(即页面修改后会立即生效, 这个可以直接在application.prop ...