summaryrefslogtreecommitdiffstats
path: root/doc/src/sgml/man7/GRANT.7
diff options
context:
space:
mode:
Diffstat (limited to 'doc/src/sgml/man7/GRANT.7')
-rw-r--r--doc/src/sgml/man7/GRANT.7467
1 files changed, 467 insertions, 0 deletions
diff --git a/doc/src/sgml/man7/GRANT.7 b/doc/src/sgml/man7/GRANT.7
new file mode 100644
index 0000000..d285aaf
--- /dev/null
+++ b/doc/src/sgml/man7/GRANT.7
@@ -0,0 +1,467 @@
+'\" t
+.\" Title: GRANT
+.\" Author: The PostgreSQL Global Development Group
+.\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
+.\" Date: 2024
+.\" Manual: PostgreSQL 16.2 Documentation
+.\" Source: PostgreSQL 16.2
+.\" Language: English
+.\"
+.TH "GRANT" "7" "2024" "PostgreSQL 16.2" "PostgreSQL 16.2 Documentation"
+.\" -----------------------------------------------------------------
+.\" * Define some portability stuff
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" http://bugs.debian.org/507673
+.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.ie \n(.g .ds Aq \(aq
+.el .ds Aq '
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
+.SH "NAME"
+GRANT \- define access privileges
+.SH "SYNOPSIS"
+.sp
+.nf
+GRANT { { SELECT | INSERT | UPDATE | DELETE | TRUNCATE | REFERENCES | TRIGGER }
+ [, \&.\&.\&.] | ALL [ PRIVILEGES ] }
+ ON { [ TABLE ] \fItable_name\fR [, \&.\&.\&.]
+ | ALL TABLES IN SCHEMA \fIschema_name\fR [, \&.\&.\&.] }
+ TO \fIrole_specification\fR [, \&.\&.\&.] [ WITH GRANT OPTION ]
+ [ GRANTED BY \fIrole_specification\fR ]
+
+GRANT { { SELECT | INSERT | UPDATE | REFERENCES } ( \fIcolumn_name\fR [, \&.\&.\&.] )
+ [, \&.\&.\&.] | ALL [ PRIVILEGES ] ( \fIcolumn_name\fR [, \&.\&.\&.] ) }
+ ON [ TABLE ] \fItable_name\fR [, \&.\&.\&.]
+ TO \fIrole_specification\fR [, \&.\&.\&.] [ WITH GRANT OPTION ]
+ [ GRANTED BY \fIrole_specification\fR ]
+
+GRANT { { USAGE | SELECT | UPDATE }
+ [, \&.\&.\&.] | ALL [ PRIVILEGES ] }
+ ON { SEQUENCE \fIsequence_name\fR [, \&.\&.\&.]
+ | ALL SEQUENCES IN SCHEMA \fIschema_name\fR [, \&.\&.\&.] }
+ TO \fIrole_specification\fR [, \&.\&.\&.] [ WITH GRANT OPTION ]
+ [ GRANTED BY \fIrole_specification\fR ]
+
+GRANT { { CREATE | CONNECT | TEMPORARY | TEMP } [, \&.\&.\&.] | ALL [ PRIVILEGES ] }
+ ON DATABASE \fIdatabase_name\fR [, \&.\&.\&.]
+ TO \fIrole_specification\fR [, \&.\&.\&.] [ WITH GRANT OPTION ]
+ [ GRANTED BY \fIrole_specification\fR ]
+
+GRANT { USAGE | ALL [ PRIVILEGES ] }
+ ON DOMAIN \fIdomain_name\fR [, \&.\&.\&.]
+ TO \fIrole_specification\fR [, \&.\&.\&.] [ WITH GRANT OPTION ]
+ [ GRANTED BY \fIrole_specification\fR ]
+
+GRANT { USAGE | ALL [ PRIVILEGES ] }
+ ON FOREIGN DATA WRAPPER \fIfdw_name\fR [, \&.\&.\&.]
+ TO \fIrole_specification\fR [, \&.\&.\&.] [ WITH GRANT OPTION ]
+ [ GRANTED BY \fIrole_specification\fR ]
+
+GRANT { USAGE | ALL [ PRIVILEGES ] }
+ ON FOREIGN SERVER \fIserver_name\fR [, \&.\&.\&.]
+ TO \fIrole_specification\fR [, \&.\&.\&.] [ WITH GRANT OPTION ]
+ [ GRANTED BY \fIrole_specification\fR ]
+
+GRANT { EXECUTE | ALL [ PRIVILEGES ] }
+ ON { { FUNCTION | PROCEDURE | ROUTINE } \fIroutine_name\fR [ ( [ [ \fIargmode\fR ] [ \fIarg_name\fR ] \fIarg_type\fR [, \&.\&.\&.] ] ) ] [, \&.\&.\&.]
+ | ALL { FUNCTIONS | PROCEDURES | ROUTINES } IN SCHEMA \fIschema_name\fR [, \&.\&.\&.] }
+ TO \fIrole_specification\fR [, \&.\&.\&.] [ WITH GRANT OPTION ]
+ [ GRANTED BY \fIrole_specification\fR ]
+
+GRANT { USAGE | ALL [ PRIVILEGES ] }
+ ON LANGUAGE \fIlang_name\fR [, \&.\&.\&.]
+ TO \fIrole_specification\fR [, \&.\&.\&.] [ WITH GRANT OPTION ]
+ [ GRANTED BY \fIrole_specification\fR ]
+
+GRANT { { SELECT | UPDATE } [, \&.\&.\&.] | ALL [ PRIVILEGES ] }
+ ON LARGE OBJECT \fIloid\fR [, \&.\&.\&.]
+ TO \fIrole_specification\fR [, \&.\&.\&.] [ WITH GRANT OPTION ]
+ [ GRANTED BY \fIrole_specification\fR ]
+
+GRANT { { SET | ALTER SYSTEM } [, \&.\&.\&. ] | ALL [ PRIVILEGES ] }
+ ON PARAMETER \fIconfiguration_parameter\fR [, \&.\&.\&.]
+ TO \fIrole_specification\fR [, \&.\&.\&.] [ WITH GRANT OPTION ]
+ [ GRANTED BY \fIrole_specification\fR ]
+
+GRANT { { CREATE | USAGE } [, \&.\&.\&.] | ALL [ PRIVILEGES ] }
+ ON SCHEMA \fIschema_name\fR [, \&.\&.\&.]
+ TO \fIrole_specification\fR [, \&.\&.\&.] [ WITH GRANT OPTION ]
+ [ GRANTED BY \fIrole_specification\fR ]
+
+GRANT { CREATE | ALL [ PRIVILEGES ] }
+ ON TABLESPACE \fItablespace_name\fR [, \&.\&.\&.]
+ TO \fIrole_specification\fR [, \&.\&.\&.] [ WITH GRANT OPTION ]
+ [ GRANTED BY \fIrole_specification\fR ]
+
+GRANT { USAGE | ALL [ PRIVILEGES ] }
+ ON TYPE \fItype_name\fR [, \&.\&.\&.]
+ TO \fIrole_specification\fR [, \&.\&.\&.] [ WITH GRANT OPTION ]
+ [ GRANTED BY \fIrole_specification\fR ]
+
+GRANT \fIrole_name\fR [, \&.\&.\&.] TO \fIrole_specification\fR [, \&.\&.\&.]
+ [ WITH { ADMIN | INHERIT | SET } { OPTION | TRUE | FALSE } ]
+ [ GRANTED BY \fIrole_specification\fR ]
+
+where \fIrole_specification\fR can be:
+
+ [ GROUP ] \fIrole_name\fR
+ | PUBLIC
+ | CURRENT_ROLE
+ | CURRENT_USER
+ | SESSION_USER
+.fi
+.SH "DESCRIPTION"
+.PP
+The
+\fBGRANT\fR
+command has two basic variants: one that grants privileges on a database object (table, column, view, foreign table, sequence, database, foreign\-data wrapper, foreign server, function, procedure, procedural language, large object, configuration parameter, schema, tablespace, or type), and one that grants membership in a role\&. These variants are similar in many ways, but they are different enough to be described separately\&.
+.SS "GRANT on Database Objects"
+.PP
+This variant of the
+\fBGRANT\fR
+command gives specific privileges on a database object to one or more roles\&. These privileges are added to those already granted, if any\&.
+.PP
+The key word
+PUBLIC
+indicates that the privileges are to be granted to all roles, including those that might be created later\&.
+PUBLIC
+can be thought of as an implicitly defined group that always includes all roles\&. Any particular role will have the sum of privileges granted directly to it, privileges granted to any role it is presently a member of, and privileges granted to
+PUBLIC\&.
+.PP
+If
+WITH GRANT OPTION
+is specified, the recipient of the privilege can in turn grant it to others\&. Without a grant option, the recipient cannot do that\&. Grant options cannot be granted to
+PUBLIC\&.
+.PP
+If
+GRANTED BY
+is specified, the specified grantor must be the current user\&. This clause is currently present in this form only for SQL compatibility\&.
+.PP
+There is no need to grant privileges to the owner of an object (usually the user that created it), as the owner has all privileges by default\&. (The owner could, however, choose to revoke some of their own privileges for safety\&.)
+.PP
+The right to drop an object, or to alter its definition in any way, is not treated as a grantable privilege; it is inherent in the owner, and cannot be granted or revoked\&. (However, a similar effect can be obtained by granting or revoking membership in the role that owns the object; see below\&.) The owner implicitly has all grant options for the object, too\&.
+.PP
+The possible privileges are:
+.PP
+SELECT
+.br
+INSERT
+.br
+UPDATE
+.br
+DELETE
+.br
+TRUNCATE
+.br
+REFERENCES
+.br
+TRIGGER
+.br
+CREATE
+.br
+CONNECT
+.br
+TEMPORARY
+.br
+EXECUTE
+.br
+USAGE
+.br
+SET
+.br
+ALTER SYSTEM
+.RS 4
+Specific types of privileges, as defined in
+Section\ \&5.7\&.
+.RE
+.PP
+TEMP
+.RS 4
+Alternative spelling for
+TEMPORARY\&.
+.RE
+.PP
+ALL PRIVILEGES
+.RS 4
+Grant all of the privileges available for the object\*(Aqs type\&. The
+PRIVILEGES
+key word is optional in
+PostgreSQL, though it is required by strict SQL\&.
+.RE
+.PP
+The
+FUNCTION
+syntax works for plain functions, aggregate functions, and window functions, but not for procedures; use
+PROCEDURE
+for those\&. Alternatively, use
+ROUTINE
+to refer to a function, aggregate function, window function, or procedure regardless of its precise type\&.
+.PP
+There is also an option to grant privileges on all objects of the same type within one or more schemas\&. This functionality is currently supported only for tables, sequences, functions, and procedures\&.
+ALL TABLES
+also affects views and foreign tables, just like the specific\-object
+\fBGRANT\fR
+command\&.
+ALL FUNCTIONS
+also affects aggregate and window functions, but not procedures, again just like the specific\-object
+\fBGRANT\fR
+command\&. Use
+ALL ROUTINES
+to include procedures\&.
+.SS "GRANT on Roles"
+.PP
+This variant of the
+\fBGRANT\fR
+command grants membership in a role to one or more other roles, and the modification of membership options
+SET,
+INHERIT, and
+ADMIN; see
+Section\ \&22.3
+for details\&. Membership in a role is significant because it potentially allows access to the privileges granted to a role to each of its members, and potentially also the ability to make changes to the role itself\&. However, the actual permissions conferred depend on the options associated with the grant\&. To modify that options of an existing membership, simply specify the membership with updated option values\&.
+.PP
+Each of the options described below can be set to either
+TRUE
+or
+FALSE\&. The keyword
+OPTION
+is accepted as a synonym for
+TRUE, so that
+WITH ADMIN OPTION
+is a synonym for
+WITH ADMIN TRUE\&. When altering an existing membership the omission of an option results in the current value being retained\&.
+.PP
+The
+ADMIN
+option allows the member to in turn grant membership in the role to others, and revoke membership in the role as well\&. Without the admin option, ordinary users cannot do that\&. A role is not considered to hold
+WITH ADMIN OPTION
+on itself\&. Database superusers can grant or revoke membership in any role to anyone\&. This option defaults to
+FALSE\&.
+.PP
+The
+INHERIT
+option controls the inheritance status of the new membership; see
+Section\ \&22.3
+for details on inheritance\&. If it is set to
+TRUE, it causes the new member to inherit from the granted role\&. If set to
+FALSE, the new member does not inherit\&. If unspecified when create a new role membership this defaults to the inheritance attribute of the role being added\&.
+.PP
+The
+SET
+option, if it is set to
+TRUE, allows the member to change to the granted role using the
+\fBSET ROLE\fR
+command\&. If a role is an indirect member of another role, it can use
+SET ROLE
+to change to that role only if there is a chain of grants each of which has
+SET TRUE\&. This option defaults to
+TRUE\&.
+.PP
+To create an object owned by another role or give ownership of an existing object to another role, you must have the ability to
+SET ROLE
+to that role; otherwise, commands such as
+ALTER \&.\&.\&. OWNER TO
+or
+CREATE DATABASE \&.\&.\&. OWNER
+will fail\&. However, a user who inherits the privileges of a role but does not have the ability to
+SET ROLE
+to that role may be able to obtain full access to the role by manipulating existing objects owned by that role (e\&.g\&. they could redefine an existing function to act as a Trojan horse)\&. Therefore, if a role\*(Aqs privileges are to be inherited but should not be accessible via
+SET ROLE, it should not own any SQL objects\&.
+.PP
+If
+GRANTED BY
+is specified, the grant is recorded as having been done by the specified role\&. A user can only attribute a grant to another role if they possess the privileges of that role\&. The role recorded as the grantor must have
+ADMIN OPTION
+on the target role, unless it is the bootstrap superuser\&. When a grant is recorded as having a grantor other than the bootstrap superuser, it depends on the grantor continuing to possess
+ADMIN OPTION
+on the role; so, if
+ADMIN OPTION
+is revoked, dependent grants must be revoked as well\&.
+.PP
+Unlike the case with privileges, membership in a role cannot be granted to
+PUBLIC\&. Note also that this form of the command does not allow the noise word
+GROUP
+in
+\fIrole_specification\fR\&.
+.SH "NOTES"
+.PP
+The
+\fBREVOKE\fR
+command is used to revoke access privileges\&.
+.PP
+Since
+PostgreSQL
+8\&.1, the concepts of users and groups have been unified into a single kind of entity called a role\&. It is therefore no longer necessary to use the keyword
+GROUP
+to identify whether a grantee is a user or a group\&.
+GROUP
+is still allowed in the command, but it is a noise word\&.
+.PP
+A user may perform
+\fBSELECT\fR,
+\fBINSERT\fR, etc\&. on a column if they hold that privilege for either the specific column or its whole table\&. Granting the privilege at the table level and then revoking it for one column will not do what one might wish: the table\-level grant is unaffected by a column\-level operation\&.
+.PP
+When a non\-owner of an object attempts to
+\fBGRANT\fR
+privileges on the object, the command will fail outright if the user has no privileges whatsoever on the object\&. As long as some privilege is available, the command will proceed, but it will grant only those privileges for which the user has grant options\&. The
+\fBGRANT ALL PRIVILEGES\fR
+forms will issue a warning message if no grant options are held, while the other forms will issue a warning if grant options for any of the privileges specifically named in the command are not held\&. (In principle these statements apply to the object owner as well, but since the owner is always treated as holding all grant options, the cases can never occur\&.)
+.PP
+It should be noted that database superusers can access all objects regardless of object privilege settings\&. This is comparable to the rights of
+root
+in a Unix system\&. As with
+root, it\*(Aqs unwise to operate as a superuser except when absolutely necessary\&.
+.PP
+If a superuser chooses to issue a
+\fBGRANT\fR
+or
+\fBREVOKE\fR
+command, the command is performed as though it were issued by the owner of the affected object\&. In particular, privileges granted via such a command will appear to have been granted by the object owner\&. (For role membership, the membership appears to have been granted by the bootstrap superuser\&.)
+.PP
+\fBGRANT\fR
+and
+\fBREVOKE\fR
+can also be done by a role that is not the owner of the affected object, but is a member of the role that owns the object, or is a member of a role that holds privileges
+WITH GRANT OPTION
+on the object\&. In this case the privileges will be recorded as having been granted by the role that actually owns the object or holds the privileges
+WITH GRANT OPTION\&. For example, if table
+t1
+is owned by role
+g1, of which role
+u1
+is a member, then
+u1
+can grant privileges on
+t1
+to
+u2, but those privileges will appear to have been granted directly by
+g1\&. Any other member of role
+g1
+could revoke them later\&.
+.PP
+If the role executing
+\fBGRANT\fR
+holds the required privileges indirectly via more than one role membership path, it is unspecified which containing role will be recorded as having done the grant\&. In such cases it is best practice to use
+\fBSET ROLE\fR
+to become the specific role you want to do the
+\fBGRANT\fR
+as\&.
+.PP
+Granting permission on a table does not automatically extend permissions to any sequences used by the table, including sequences tied to
+SERIAL
+columns\&. Permissions on sequences must be set separately\&.
+.PP
+See
+Section\ \&5.7
+for more information about specific privilege types, as well as how to inspect objects\*(Aq privileges\&.
+.SH "EXAMPLES"
+.PP
+Grant insert privilege to all users on table
+films:
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+GRANT INSERT ON films TO PUBLIC;
+.fi
+.if n \{\
+.RE
+.\}
+.PP
+Grant all available privileges to user
+manuel
+on view
+kinds:
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+GRANT ALL PRIVILEGES ON kinds TO manuel;
+.fi
+.if n \{\
+.RE
+.\}
+.sp
+Note that while the above will indeed grant all privileges if executed by a superuser or the owner of
+kinds, when executed by someone else it will only grant those permissions for which the someone else has grant options\&.
+.PP
+Grant membership in role
+admins
+to user
+joe:
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+GRANT admins TO joe;
+.fi
+.if n \{\
+.RE
+.\}
+.SH "COMPATIBILITY"
+.PP
+According to the SQL standard, the
+PRIVILEGES
+key word in
+ALL PRIVILEGES
+is required\&. The SQL standard does not support setting the privileges on more than one object per command\&.
+.PP
+PostgreSQL
+allows an object owner to revoke their own ordinary privileges: for example, a table owner can make the table read\-only to themselves by revoking their own
+INSERT,
+UPDATE,
+DELETE, and
+TRUNCATE
+privileges\&. This is not possible according to the SQL standard\&. The reason is that
+PostgreSQL
+treats the owner\*(Aqs privileges as having been granted by the owner to themselves; therefore they can revoke them too\&. In the SQL standard, the owner\*(Aqs privileges are granted by an assumed entity
+\(lq_SYSTEM\(rq\&. Not being
+\(lq_SYSTEM\(rq, the owner cannot revoke these rights\&.
+.PP
+According to the SQL standard, grant options can be granted to
+PUBLIC; PostgreSQL only supports granting grant options to roles\&.
+.PP
+The SQL standard allows the
+GRANTED BY
+option to specify only
+CURRENT_USER
+or
+CURRENT_ROLE\&. The other variants are PostgreSQL extensions\&.
+.PP
+The SQL standard provides for a
+USAGE
+privilege on other kinds of objects: character sets, collations, translations\&.
+.PP
+In the SQL standard, sequences only have a
+USAGE
+privilege, which controls the use of the
+NEXT VALUE FOR
+expression, which is equivalent to the function
+\fBnextval\fR
+in PostgreSQL\&. The sequence privileges
+SELECT
+and
+UPDATE
+are PostgreSQL extensions\&. The application of the sequence
+USAGE
+privilege to the
+currval
+function is also a PostgreSQL extension (as is the function itself)\&.
+.PP
+Privileges on databases, tablespaces, schemas, languages, and configuration parameters are
+PostgreSQL
+extensions\&.
+.SH "SEE ALSO"
+\fBREVOKE\fR(7), ALTER DEFAULT PRIVILEGES (\fBALTER_DEFAULT_PRIVILEGES\fR(7))