diff options
Diffstat (limited to 'doc/src/sgml/html/sql-revoke.html')
| -rw-r--r-- | doc/src/sgml/html/sql-revoke.html | 258 |
1 files changed, 258 insertions, 0 deletions
diff --git a/doc/src/sgml/html/sql-revoke.html b/doc/src/sgml/html/sql-revoke.html new file mode 100644 index 0000000..f71531b --- /dev/null +++ b/doc/src/sgml/html/sql-revoke.html @@ -0,0 +1,258 @@ +<?xml version="1.0" encoding="UTF-8" standalone="no"?> +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>REVOKE</title><link rel="stylesheet" type="text/css" href="stylesheet.css" /><link rev="made" href="pgsql-docs@lists.postgresql.org" /><meta name="generator" content="DocBook XSL Stylesheets Vsnapshot" /><link rel="prev" href="sql-reset.html" title="RESET" /><link rel="next" href="sql-rollback.html" title="ROLLBACK" /></head><body id="docContent" class="container-fluid col-10"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="5" align="center">REVOKE</th></tr><tr><td width="10%" align="left"><a accesskey="p" href="sql-reset.html" title="RESET">Prev</a> </td><td width="10%" align="left"><a accesskey="u" href="sql-commands.html" title="SQL Commands">Up</a></td><th width="60%" align="center">SQL Commands</th><td width="10%" align="right"><a accesskey="h" href="index.html" title="PostgreSQL 16.2 Documentation">Home</a></td><td width="10%" align="right"> <a accesskey="n" href="sql-rollback.html" title="ROLLBACK">Next</a></td></tr></table><hr /></div><div class="refentry" id="SQL-REVOKE"><div class="titlepage"></div><a id="id-1.9.3.166.1" class="indexterm"></a><div class="refnamediv"><h2><span class="refentrytitle">REVOKE</span></h2><p>REVOKE — remove access privileges</p></div><div class="refsynopsisdiv"><h2>Synopsis</h2><pre class="synopsis"> +REVOKE [ GRANT OPTION FOR ] + { { SELECT | INSERT | UPDATE | DELETE | TRUNCATE | REFERENCES | TRIGGER } + [, ...] | ALL [ PRIVILEGES ] } + ON { [ TABLE ] <em class="replaceable"><code>table_name</code></em> [, ...] + | ALL TABLES IN SCHEMA <em class="replaceable"><code>schema_name</code></em> [, ...] } + FROM <em class="replaceable"><code>role_specification</code></em> [, ...] + [ GRANTED BY <em class="replaceable"><code>role_specification</code></em> ] + [ CASCADE | RESTRICT ] + +REVOKE [ GRANT OPTION FOR ] + { { SELECT | INSERT | UPDATE | REFERENCES } ( <em class="replaceable"><code>column_name</code></em> [, ...] ) + [, ...] | ALL [ PRIVILEGES ] ( <em class="replaceable"><code>column_name</code></em> [, ...] ) } + ON [ TABLE ] <em class="replaceable"><code>table_name</code></em> [, ...] + FROM <em class="replaceable"><code>role_specification</code></em> [, ...] + [ GRANTED BY <em class="replaceable"><code>role_specification</code></em> ] + [ CASCADE | RESTRICT ] + +REVOKE [ GRANT OPTION FOR ] + { { USAGE | SELECT | UPDATE } + [, ...] | ALL [ PRIVILEGES ] } + ON { SEQUENCE <em class="replaceable"><code>sequence_name</code></em> [, ...] + | ALL SEQUENCES IN SCHEMA <em class="replaceable"><code>schema_name</code></em> [, ...] } + FROM <em class="replaceable"><code>role_specification</code></em> [, ...] + [ GRANTED BY <em class="replaceable"><code>role_specification</code></em> ] + [ CASCADE | RESTRICT ] + +REVOKE [ GRANT OPTION FOR ] + { { CREATE | CONNECT | TEMPORARY | TEMP } [, ...] | ALL [ PRIVILEGES ] } + ON DATABASE <em class="replaceable"><code>database_name</code></em> [, ...] + FROM <em class="replaceable"><code>role_specification</code></em> [, ...] + [ GRANTED BY <em class="replaceable"><code>role_specification</code></em> ] + [ CASCADE | RESTRICT ] + +REVOKE [ GRANT OPTION FOR ] + { USAGE | ALL [ PRIVILEGES ] } + ON DOMAIN <em class="replaceable"><code>domain_name</code></em> [, ...] + FROM <em class="replaceable"><code>role_specification</code></em> [, ...] + [ GRANTED BY <em class="replaceable"><code>role_specification</code></em> ] + [ CASCADE | RESTRICT ] + +REVOKE [ GRANT OPTION FOR ] + { USAGE | ALL [ PRIVILEGES ] } + ON FOREIGN DATA WRAPPER <em class="replaceable"><code>fdw_name</code></em> [, ...] + FROM <em class="replaceable"><code>role_specification</code></em> [, ...] + [ GRANTED BY <em class="replaceable"><code>role_specification</code></em> ] + [ CASCADE | RESTRICT ] + +REVOKE [ GRANT OPTION FOR ] + { USAGE | ALL [ PRIVILEGES ] } + ON FOREIGN SERVER <em class="replaceable"><code>server_name</code></em> [, ...] + FROM <em class="replaceable"><code>role_specification</code></em> [, ...] + [ GRANTED BY <em class="replaceable"><code>role_specification</code></em> ] + [ CASCADE | RESTRICT ] + +REVOKE [ GRANT OPTION FOR ] + { EXECUTE | ALL [ PRIVILEGES ] } + ON { { FUNCTION | PROCEDURE | ROUTINE } <em class="replaceable"><code>function_name</code></em> [ ( [ [ <em class="replaceable"><code>argmode</code></em> ] [ <em class="replaceable"><code>arg_name</code></em> ] <em class="replaceable"><code>arg_type</code></em> [, ...] ] ) ] [, ...] + | ALL { FUNCTIONS | PROCEDURES | ROUTINES } IN SCHEMA <em class="replaceable"><code>schema_name</code></em> [, ...] } + FROM <em class="replaceable"><code>role_specification</code></em> [, ...] + [ GRANTED BY <em class="replaceable"><code>role_specification</code></em> ] + [ CASCADE | RESTRICT ] + +REVOKE [ GRANT OPTION FOR ] + { USAGE | ALL [ PRIVILEGES ] } + ON LANGUAGE <em class="replaceable"><code>lang_name</code></em> [, ...] + FROM <em class="replaceable"><code>role_specification</code></em> [, ...] + [ GRANTED BY <em class="replaceable"><code>role_specification</code></em> ] + [ CASCADE | RESTRICT ] + +REVOKE [ GRANT OPTION FOR ] + { { SELECT | UPDATE } [, ...] | ALL [ PRIVILEGES ] } + ON LARGE OBJECT <em class="replaceable"><code>loid</code></em> [, ...] + FROM <em class="replaceable"><code>role_specification</code></em> [, ...] + [ GRANTED BY <em class="replaceable"><code>role_specification</code></em> ] + [ CASCADE | RESTRICT ] + +REVOKE [ GRANT OPTION FOR ] + { { SET | ALTER SYSTEM } [, ...] | ALL [ PRIVILEGES ] } + ON PARAMETER <em class="replaceable"><code>configuration_parameter</code></em> [, ...] + FROM <em class="replaceable"><code>role_specification</code></em> [, ...] + [ GRANTED BY <em class="replaceable"><code>role_specification</code></em> ] + [ CASCADE | RESTRICT ] + +REVOKE [ GRANT OPTION FOR ] + { { CREATE | USAGE } [, ...] | ALL [ PRIVILEGES ] } + ON SCHEMA <em class="replaceable"><code>schema_name</code></em> [, ...] + FROM <em class="replaceable"><code>role_specification</code></em> [, ...] + [ GRANTED BY <em class="replaceable"><code>role_specification</code></em> ] + [ CASCADE | RESTRICT ] + +REVOKE [ GRANT OPTION FOR ] + { CREATE | ALL [ PRIVILEGES ] } + ON TABLESPACE <em class="replaceable"><code>tablespace_name</code></em> [, ...] + FROM <em class="replaceable"><code>role_specification</code></em> [, ...] + [ GRANTED BY <em class="replaceable"><code>role_specification</code></em> ] + [ CASCADE | RESTRICT ] + +REVOKE [ GRANT OPTION FOR ] + { USAGE | ALL [ PRIVILEGES ] } + ON TYPE <em class="replaceable"><code>type_name</code></em> [, ...] + FROM <em class="replaceable"><code>role_specification</code></em> [, ...] + [ GRANTED BY <em class="replaceable"><code>role_specification</code></em> ] + [ CASCADE | RESTRICT ] + +REVOKE [ { ADMIN | INHERIT | SET } OPTION FOR ] + <em class="replaceable"><code>role_name</code></em> [, ...] FROM <em class="replaceable"><code>role_specification</code></em> [, ...] + [ GRANTED BY <em class="replaceable"><code>role_specification</code></em> ] + [ CASCADE | RESTRICT ] + +<span class="phrase">where <em class="replaceable"><code>role_specification</code></em> can be:</span> + + [ GROUP ] <em class="replaceable"><code>role_name</code></em> + | PUBLIC + | CURRENT_ROLE + | CURRENT_USER + | SESSION_USER +</pre></div><div class="refsect1" id="SQL-REVOKE-DESCRIPTION"><h2>Description</h2><p> + The <code class="command">REVOKE</code> command revokes previously granted + privileges from one or more roles. The key word + <code class="literal">PUBLIC</code> refers to the implicitly defined group of + all roles. + </p><p> + See the description of the <a class="link" href="sql-grant.html" title="GRANT"><code class="command">GRANT</code></a> command for + the meaning of the privilege types. + </p><p> + Note that any particular role will have the sum + of privileges granted directly to it, privileges granted to any role it + is presently a member of, and privileges granted to + <code class="literal">PUBLIC</code>. Thus, for example, revoking <code class="literal">SELECT</code> privilege + from <code class="literal">PUBLIC</code> does not necessarily mean that all roles + have lost <code class="literal">SELECT</code> privilege on the object: those who have it granted + directly or via another role will still have it. Similarly, revoking + <code class="literal">SELECT</code> from a user might not prevent that user from using + <code class="literal">SELECT</code> if <code class="literal">PUBLIC</code> or another membership + role still has <code class="literal">SELECT</code> rights. + </p><p> + If <code class="literal">GRANT OPTION FOR</code> is specified, only the grant + option for the privilege is revoked, not the privilege itself. + Otherwise, both the privilege and the grant option are revoked. + </p><p> + If a user holds a privilege with grant option and has granted it to + other users then the privileges held by those other users are + called dependent privileges. If the privilege or the grant option + held by the first user is being revoked and dependent privileges + exist, those dependent privileges are also revoked if + <code class="literal">CASCADE</code> is specified; if it is not, the revoke action + will fail. This recursive revocation only affects privileges that + were granted through a chain of users that is traceable to the user + that is the subject of this <code class="literal">REVOKE</code> command. + Thus, the affected users might effectively keep the privilege if it + was also granted through other users. + </p><p> + When revoking privileges on a table, the corresponding column privileges + (if any) are automatically revoked on each column of the table, as well. + On the other hand, if a role has been granted privileges on a table, then + revoking the same privileges from individual columns will have no effect. + </p><p> + When revoking membership in a role, <code class="literal">GRANT OPTION</code> is instead + called <code class="literal">ADMIN OPTION</code>, but the behavior is similar. + Note that, in releases prior to <span class="productname">PostgreSQL</span> 16, + dependent privileges were not tracked for grants of role membership, + and thus <code class="literal">CASCADE</code> had no effect for role membership. + This is no longer the case. + Note also that this form of the command does not + allow the noise word <code class="literal">GROUP</code> + in <em class="replaceable"><code>role_specification</code></em>. + </p><p> + Just as <code class="literal">ADMIN OPTION</code> can be removed from an existing + role grant, it is also possible to revoke <code class="literal">INHERIT OPTION</code> + or <code class="literal">SET OPTION</code>. This is equivalent to setting the value + of the corresponding option to <code class="literal">FALSE</code>. + </p></div><div class="refsect1" id="SQL-REVOKE-NOTES"><h2>Notes</h2><p> + A user can only revoke privileges that were granted directly by + that user. If, for example, user A has granted a privilege with + grant option to user B, and user B has in turn granted it to user + C, then user A cannot revoke the privilege directly from C. + Instead, user A could revoke the grant option from user B and use + the <code class="literal">CASCADE</code> option so that the privilege is + in turn revoked from user C. For another example, if both A and B + have granted the same privilege to C, A can revoke their own grant + but not B's grant, so C will still effectively have the privilege. + </p><p> + When a non-owner of an object attempts to <code class="command">REVOKE</code> privileges + on the object, the command will fail outright if the user has no + privileges whatsoever on the object. As long as some privilege is + available, the command will proceed, but it will revoke only those + privileges for which the user has grant options. The <code class="command">REVOKE ALL + PRIVILEGES</code> forms will issue a warning message if no grant options are + held, while the other forms will issue a warning if grant options for + any of the privileges specifically named in the command are not held. + (In principle these statements apply to the object owner as well, but + since the owner is always treated as holding all grant options, the + cases can never occur.) + </p><p> + If a superuser chooses to issue a <code class="command">GRANT</code> or <code class="command">REVOKE</code> + command, the command is performed as though it were issued by the + owner of the affected object. (Since roles do not have owners, in the + case of a <code class="command">GRANT</code> of role membership, the command is + performed as though it were issued by the bootstrap superuser.) + Since all privileges ultimately come + from the object owner (possibly indirectly via chains of grant options), + it is possible for a superuser to revoke all privileges, but this might + require use of <code class="literal">CASCADE</code> as stated above. + </p><p> + <code class="command">REVOKE</code> can also be done by a role + that is not the owner of the affected object, but is a member of the role + that owns the object, or is a member of a role that holds privileges + <code class="literal">WITH GRANT OPTION</code> on the object. In this case the + command is performed as though it were issued by the containing role that + actually owns the object or holds the privileges + <code class="literal">WITH GRANT OPTION</code>. For example, if table + <code class="literal">t1</code> is owned by role <code class="literal">g1</code>, of which role + <code class="literal">u1</code> is a member, then <code class="literal">u1</code> can revoke privileges + on <code class="literal">t1</code> that are recorded as being granted by <code class="literal">g1</code>. + This would include grants made by <code class="literal">u1</code> as well as by other + members of role <code class="literal">g1</code>. + </p><p> + If the role executing <code class="command">REVOKE</code> holds privileges + indirectly via more than one role membership path, it is unspecified + which containing role will be used to perform the command. In such cases + it is best practice to use <code class="command">SET ROLE</code> to become the specific + role you want to do the <code class="command">REVOKE</code> as. Failure to do so might + lead to revoking privileges other than the ones you intended, or not + revoking anything at all. + </p><p> + See <a class="xref" href="ddl-priv.html" title="5.7. Privileges">Section 5.7</a> for more information about specific + privilege types, as well as how to inspect objects' privileges. + </p></div><div class="refsect1" id="SQL-REVOKE-EXAMPLES"><h2>Examples</h2><p> + Revoke insert privilege for the public on table + <code class="literal">films</code>: + +</p><pre class="programlisting"> +REVOKE INSERT ON films FROM PUBLIC; +</pre><p> + </p><p> + Revoke all privileges from user <code class="literal">manuel</code> on view + <code class="literal">kinds</code>: + +</p><pre class="programlisting"> +REVOKE ALL PRIVILEGES ON kinds FROM manuel; +</pre><p> + + Note that this actually means <span class="quote">“<span class="quote">revoke all privileges that I + granted</span>”</span>. + </p><p> + Revoke membership in role <code class="literal">admins</code> from user <code class="literal">joe</code>: + +</p><pre class="programlisting"> +REVOKE admins FROM joe; +</pre></div><div class="refsect1" id="SQL-REVOKE-COMPATIBILITY"><h2>Compatibility</h2><p> + The compatibility notes of the <a class="link" href="sql-grant.html" title="GRANT"><code class="command">GRANT</code></a> command + apply analogously to <code class="command">REVOKE</code>. + The keyword <code class="literal">RESTRICT</code> or <code class="literal">CASCADE</code> + is required according to the standard, but <span class="productname">PostgreSQL</span> + assumes <code class="literal">RESTRICT</code> by default. + </p></div><div class="refsect1" id="id-1.9.3.166.9"><h2>See Also</h2><span class="simplelist"><a class="xref" href="sql-grant.html" title="GRANT"><span class="refentrytitle">GRANT</span></a>, <a class="xref" href="sql-alterdefaultprivileges.html" title="ALTER DEFAULT PRIVILEGES"><span class="refentrytitle">ALTER DEFAULT PRIVILEGES</span></a></span></div></div><div class="navfooter"><hr /><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="sql-reset.html" title="RESET">Prev</a> </td><td width="20%" align="center"><a accesskey="u" href="sql-commands.html" title="SQL Commands">Up</a></td><td width="40%" align="right"> <a accesskey="n" href="sql-rollback.html" title="ROLLBACK">Next</a></td></tr><tr><td width="40%" align="left" valign="top">RESET </td><td width="20%" align="center"><a accesskey="h" href="index.html" title="PostgreSQL 16.2 Documentation">Home</a></td><td width="40%" align="right" valign="top"> ROLLBACK</td></tr></table></div></body></html>
\ No newline at end of file |