📄 revoke.sgml
字号:
<refentry id="SQL-REVOKE"> <refmeta> <refentrytitle> REVOKE </refentrytitle> <refmiscinfo>SQL - Language Statements</refmiscinfo> </refmeta> <refnamediv> <refname> REVOKE </refname> <refpurpose> Revokes access privilege from a user, a group or all users. </refpurpose> </refnamediv> <refsynopsisdiv> <refsynopsisdivinfo> <date>1998-09-24</date> </refsynopsisdivinfo> <synopsis>REVOKE <replaceable class="PARAMETER">privilege</replaceable> [, ...] ON <replaceable class="PARAMETER">object</replaceable> [, ...] FROM { PUBLIC | GROUP <replaceable class="PARAMETER">ER">g</replaceable>BLE> | <replaceable class="PARAMETER">username</replaceable> } </synopsis> <refsect2 id="R2-SQL-REVOKE-1"> <refsect2info> <date>1998-09-24</date> </refsect2info> <title> Inputs </title> <para> <variablelist> <varlistentry> <term><replaceable class="PARAMETER">privilege</replaceable></term> <listitem> <para> The possible privileges are: <variablelist> <varlistentry> <term>SELECT</term> <listitem> <para> Privilege to access all of the columns of a specific table/view. </para> </listitem> </varlistentry> <varlistentry> <term>INSERT</term> <listitem> <para> Privilege to insert data into all columns of a specific table. </para> </listitem> </varlistentry> <varlistentry> <term>UPDATE</term> <listitem> <para> Privilege to update all columns of a specific table. </para> </listitem> </varlistentry> <varlistentry> <term>DELETE</term> <listitem> <para> Privilege to delete rows from a specific table. </para> </listitem> </varlistentry> <varlistentry> <term>RULE</term> <listitem> <para> Privilege to define rules on table/view. (See <command>CREATE RULE</command>). </para> </listitem> </varlistentry> <varlistentry> <term>ALL</term> <listitem> <para> Rescind all privileges. </para> </listitem> </varlistentry> </variablelist> </para> </listitem> </varlistentry> <varlistentry> <term><replaceable class="PARAMETER">object</replaceable></term> <listitem> <para> The name of an object from which to revoke access. The possible objects are: <itemizedlist spacing="compact" mark="bullet"> <listitem> <para> table </para> </listitem> <listitem> <para> view </para> </listitem> <listitem> <para> sequence </para> </listitem> <listitem> <para> index </para> </listitem> </itemizedlist> </para> </listitem> </varlistentry> <varlistentry> <term><replaceable class="PARAMETER">group</replaceable></term> <listitem> <para> The name of a group from whom to revoke privileges. </para> </listitem> </varlistentry> <varlistentry> <term><replaceable class="PARAMETER">username</replaceable></term> <listitem> <para> The name of a user from whom revoke privileges. Use the PUBLIC keyword to specify all users. </para> </listitem> </varlistentry> <varlistentry> <term>PUBLIC</term> <listitem> <para> Rescind the specified privilege(s) for all users. </para> </listitem> </varlistentry> </variablelist> </para> </refsect2> <refsect2 id="R2-SQL-REVOKE-2"> <refsect2info> <date>1998-09-24</date> </refsect2info> <title> Outputs </title> <para> <variablelist> <varlistentry> <term><computeroutput>CHANGE </computeroutput></term> <listitem> <para> Message returned if successfully. </para> </listitem> </varlistentry> <varlistentry> <term><computeroutput>ERROR </computeroutput></term> <listitem> <para> Message returned if object is not available or impossible to revoke privileges from a group or users. </para> </listitem> </varlistentry> </variablelist> </para> </refsect2> </refsynopsisdiv> <refsect1 id="R1-SQL-REVOKE-1"> <refsect1info> <date>1998-09-24</date> </refsect1info> <title> Description </title> <para> <command>REVOKE</command> allows creator of an object to revoke permissions granted before, from all users (via PUBLIC) or a certain user or group. </para> <refsect2 id="R2-SQL-REVOKE-3"> <refsect2info> <date>1998-09-24</date> </refsect2info> <title> Notes </title> <para> Refer to psql \z command for further information about permissions on existing objects: <programlisting>Database = lusitania+------------------+---------------------------------------------+| Relation | Grant/Revoke Permissions |+------------------+---------------------------------------------+| mytable | {"=rw","miriam=arwR","group todos=rw"} |+------------------+---------------------------------------------+Legend: uname=arwR -- privileges granted to a user group gname=arwR -- privileges granted to a GROUP =arwR -- privileges granted to PUBLIC r -- SELECT w -- UPDATE/DELETE a -- INSERT R -- RULE arwR -- ALL </programlisting> </para> <tip> <para> Currently, to create a GROUP you have to insert data manually into table pg_group as: <programlisting>INSERT INTO pg_group VALUES ('todos');CREATE USER miriam IN GROUP todos; </programlisting> </para> </tip> </refsect2> </refsect1> <refsect1 id="R1-SQL-REVOKE-2"> <title> Usage </title> <para> Revoke insert privilege from all users on table <literal>films</literal>: <programlisting>REVOKE INSERT ON films FROM PUBLIC; </programlisting> </para> <para> Revoke all privileges from user <literal>manuel</literal> on view <literal>kinds</literal>: <programlisting> REVOKE ALL ON kinds FROM manuel; </programlisting> </para> </refsect1> <refsect1 id="R1-SQL-REVOKE-3"> <title> Compatibility </title> <refsect2 id="R2-SQL-REVOKE-4"> <refsect2info> <date>1998-09-01</date> </refsect2info> <title> SQL92 </title> <para> The SQL92 syntax for <command>REVOKE</command> has additional capabilities for rescinding privileges, including those on individual columns in tables: <variablelist> <varlistentry> <term> <synopsis>REVOKE { SELECT | DELETE | USAGE | ALL PRIVILEGES } [, ...] ON <replaceable class="parameter">object</replaceable> FROM { PUBLIC | <replaceable class="parameter">username</replaceable> [, ...] } { RESTRICT | CASCADE }REVOKE { INSERT | UPDATE | REFERENCES } [, ...] [ ( <replaceable class="parameter">column</replaceable> [, ...] ) ] ON <replaceable class="parameter">object</replaceable> FROM { PUBLIC | <replaceable class="parameter">username</replaceable> [, ...] } { RESTRICT | CASCADE } </synopsis> </term> <listitem> <para> Refer to <command>GRANT</command> for details on individual fields. </para> </listitem> </varlistentry> <varlistentry> <term> <synopsis>REVOKE GRANT OPTION FOR <replaceable class="parameter">privilege</replaceable> [, ...] ON <replaceable class="parameter">object</replaceable> FROM { PUBLIC | <replaceable class="parameter">username</replaceable> [, ...] } { RESTRICT | CASCADE } </synopsis> </term> <listitem> <para> Rescinds authority for a user to grant the specified privilege to others. Refer to the <command>GRANT</command> command for details on individual fields. </para> </listitem> </varlistentry> </variablelist> </para> <para> The possible objects are: <simplelist> <member> [ TABLE ] table/view </member> <member> CHARACTER SET character-set </member> <member> COLLATION collation </member> <member> TRANSLATION translation </member> <member> DOMAIN domain </member> </simplelist> </para> <para> If user1 gives a privilege WITH GRANT OPTION to user2, and user2 gives it to user3 then user1 can revoke this privilege in cascade using the CASCADE keyword. </para> <para> If user1 gives a privilege WITH GRANT OPTION to user2, and user2 gives it to user3 then if user1 try revoke this privilege it fails if he/she specify the RESTRICT keyword. </para> </refsect2> </refsect1></refentry><!-- Keep this comment at the end of the fileLocal variables:mode: sgmlsgml-omittag:nilsgml-shorttag:tsgml-minimize-attributes:nilsgml-always-quote-attributes:tsgml-indent-step:1sgml-indent-data:tsgml-parent-document:nilsgml-default-dtd-file:"../reference.ced"sgml-exposed-tags:nilsgml-local-catalogs:"/usr/lib/sgml/catalog"sgml-local-ecat-files:nilEnd:-->⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -