diff options
Diffstat (limited to 'doc/src')
| -rw-r--r-- | doc/src/sgml/catalogs.sgml | 16 | ||||
| -rw-r--r-- | doc/src/sgml/ref/create_function.sgml | 15 | ||||
| -rw-r--r-- | doc/src/sgml/ref/create_language.sgml | 15 | ||||
| -rw-r--r-- | doc/src/sgml/ref/grant.sgml | 45 | ||||
| -rw-r--r-- | doc/src/sgml/ref/revoke.sgml | 10 | ||||
| -rw-r--r-- | doc/src/sgml/release.sgml | 27 |
6 files changed, 114 insertions, 14 deletions
diff --git a/doc/src/sgml/catalogs.sgml b/doc/src/sgml/catalogs.sgml index 3e098f75ded..20adc19bab8 100644 --- a/doc/src/sgml/catalogs.sgml +++ b/doc/src/sgml/catalogs.sgml @@ -1,6 +1,6 @@ <!-- Documentation of the system catalogs, directed toward PostgreSQL developers - $Header: /cvsroot/pgsql/doc/src/sgml/catalogs.sgml,v 2.29 2001/11/21 05:53:40 thomas Exp $ + $Header: /cvsroot/pgsql/doc/src/sgml/catalogs.sgml,v 2.30 2002/02/18 23:10:59 petere Exp $ --> <chapter id="catalogs"> @@ -1261,6 +1261,13 @@ <entry></entry> <entry>not currently used</entry> </row> + + <row> + <entry>lanacl</entry> + <entry><type>aclitem[]</type></entry> + <entry></entry> + <entry>Access permissions</entry> + </row> </tbody> </tgroup> </table> @@ -1699,6 +1706,13 @@ Again, the interpretation is language-specific. </entry> </row> + + <row> + <entry>proacl</entry> + <entry><type>aclitem[]</type></entry> + <entry></entry> + <entry>Access permissions</entry> + </row> </tbody> </tgroup> </table> diff --git a/doc/src/sgml/ref/create_function.sgml b/doc/src/sgml/ref/create_function.sgml index df643cd8e8b..9e919abba62 100644 --- a/doc/src/sgml/ref/create_function.sgml +++ b/doc/src/sgml/ref/create_function.sgml @@ -1,5 +1,5 @@ <!-- -$Header: /cvsroot/pgsql/doc/src/sgml/ref/create_function.sgml,v 1.30 2001/12/08 03:24:34 thomas Exp $ +$Header: /cvsroot/pgsql/doc/src/sgml/ref/create_function.sgml,v 1.31 2002/02/18 23:11:02 petere Exp $ --> <refentry id="SQL-CREATEFUNCTION"> @@ -270,6 +270,17 @@ CREATE [ OR REPLACE ] FUNCTION <replaceable class="parameter">name</replaceable> definition without breaking objects that refer to the function. </para> + <para> + To be able to define a function, the user must have the + <literal>USAGE</literal> privilege on the language. + </para> + + <para> + By default, only the owner (creator) of the function has the right + to execute it. Other users must be granted the + <literal>EXECUTE</literal> privilege on the function to be able to + use it. + </para> </refsect1> @@ -369,7 +380,9 @@ Point * complex_to_point (Complex *z) <para> <xref linkend="sql-dropfunction">, + <xref linkend="sql-grant">, <xref linkend="sql-load">, + <xref linkend="sql-revoke">, <citetitle>PostgreSQL Programmer's Guide</citetitle> </para> </refsect1> diff --git a/doc/src/sgml/ref/create_language.sgml b/doc/src/sgml/ref/create_language.sgml index 3d2b71198fc..406e8676868 100644 --- a/doc/src/sgml/ref/create_language.sgml +++ b/doc/src/sgml/ref/create_language.sgml @@ -1,5 +1,5 @@ <!-- -$Header: /cvsroot/pgsql/doc/src/sgml/ref/create_language.sgml,v 1.20 2001/12/08 03:24:34 thomas Exp $ +$Header: /cvsroot/pgsql/doc/src/sgml/ref/create_language.sgml,v 1.21 2002/02/18 23:11:02 petere Exp $ PostgreSQL documentation --> @@ -203,8 +203,8 @@ ERROR: PL handler function <replaceable class="parameter">funcname</replaceable lanname | lanispl | lanpltrusted | lanplcallfoid | lancompiler -------------+---------+--------------+---------------+------------- internal | f | f | 0 | n/a - C | f | f | 0 | /bin/cc - sql | f | f | 0 | postgres + c | f | f | 0 | /bin/cc + sql | f | t | 0 | postgres </screen> </para> @@ -212,6 +212,13 @@ ERROR: PL handler function <replaceable class="parameter">funcname</replaceable At present, the definition of a procedural language cannot be changed once it has been created. </para> + + <para> + To be able to use a procedural language, a user must be granted the + <literal>USAGE</literal> privilege. The + <command>createlang</command> program automatically grants + permissions to everyone if the language is known to be trusted. + </para> </refsect1> <refsect1 id="sql-createlanguage-examples"> @@ -257,6 +264,8 @@ CREATE LANGUAGE plsample <member><xref linkend="sql-createfunction"></member> <member><xref linkend="app-droplang"></member> <member><xref linkend="sql-droplanguage"></member> + <member><xref linkend="sql-grant"></member> + <member><xref linkend="sql-revoke"></member> <member><citetitle>PostgreSQL Programmer's Guide</citetitle></member> </simplelist> </para> diff --git a/doc/src/sgml/ref/grant.sgml b/doc/src/sgml/ref/grant.sgml index 8f07f4adf59..30168f2e65b 100644 --- a/doc/src/sgml/ref/grant.sgml +++ b/doc/src/sgml/ref/grant.sgml @@ -1,5 +1,5 @@ <!-- -$Header: /cvsroot/pgsql/doc/src/sgml/ref/grant.sgml,v 1.19 2002/01/20 22:19:57 petere Exp $ +$Header: /cvsroot/pgsql/doc/src/sgml/ref/grant.sgml,v 1.20 2002/02/18 23:11:02 petere Exp $ PostgreSQL documentation --> @@ -19,6 +19,14 @@ PostgreSQL documentation GRANT { { SELECT | INSERT | UPDATE | DELETE | RULE | REFERENCES | TRIGGER } [,...] | ALL [ PRIVILEGES ] } ON [ TABLE ] <replaceable class="PARAMETER">objectname</replaceable> [, ...] TO { <replaceable class="PARAMETER">username</replaceable> | GROUP <replaceable class="PARAMETER">groupname</replaceable> | PUBLIC } [, ...] + +GRANT { EXECUTE | ALL [ PRIVILEGES ] } + ON FUNCTION <replaceable>funcname</replaceable> ([<replaceable>type</replaceable>, ...]) [, ...] + TO { <replaceable class="PARAMETER">username</replaceable> | GROUP <replaceable class="PARAMETER">groupname</replaceable> | PUBLIC } [, ...] + +GRANT { USAGE | ALL [ PRIVILEGES ] } + ON LANGUAGE <replaceable>langname</replaceable> [, ...] + TO { <replaceable class="PARAMETER">username</replaceable> | GROUP <replaceable class="PARAMETER">groupname</replaceable> | PUBLIC } [, ...] </synopsis> </refsynopsisdiv> @@ -27,8 +35,9 @@ GRANT { { SELECT | INSERT | UPDATE | DELETE | RULE | REFERENCES | TRIGGER } [,.. <para> The <command>GRANT</command> command gives specific permissions on - an object (table, view, sequence) to one or more users or groups of users. - These permissions are added to those already granted, if any. + an object (table, view, sequence, function, procedural language) to + one or more users or groups of users. These permissions are added + to those already granted, if any. </para> <para> @@ -135,13 +144,35 @@ GRANT { { SELECT | INSERT | UPDATE | DELETE | RULE | REFERENCES | TRIGGER } [,.. </varlistentry> <varlistentry> + <term>EXECUTE</term> + <listitem> + <para> + Allows the use of the specified function and the use of any + operators that are implemented on top of the function. This is + the only type of privilege that is applicable to functions. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>USAGE</term> + <listitem> + <para> + Allows the use of the specified procedural language for the + creation of functions in that language. This is the only type + of privilege that is applicable to procedural languages. + </para> + </listitem> + </varlistentry> + + <varlistentry> <term>ALL PRIVILEGES</term> <listitem> <para> - Grant all of the above privileges at once. The - <literal>PRIVILEGES</literal> key word is optional in - <productname>PostgreSQL</productname>, though it is - required by strict SQL. + Grant all of the privileges applicable to the object at once. + The <literal>PRIVILEGES</literal> key word is optional in + <productname>PostgreSQL</productname>, though it is required by + strict SQL. </para> </listitem> </varlistentry> diff --git a/doc/src/sgml/ref/revoke.sgml b/doc/src/sgml/ref/revoke.sgml index 6a858c5b3df..c0d03c55344 100644 --- a/doc/src/sgml/ref/revoke.sgml +++ b/doc/src/sgml/ref/revoke.sgml @@ -1,5 +1,5 @@ <!-- -$Header: /cvsroot/pgsql/doc/src/sgml/ref/revoke.sgml,v 1.19 2001/12/08 03:24:39 thomas Exp $ +$Header: /cvsroot/pgsql/doc/src/sgml/ref/revoke.sgml,v 1.20 2002/02/18 23:11:03 petere Exp $ PostgreSQL documentation --> @@ -19,6 +19,14 @@ PostgreSQL documentation REVOKE { { SELECT | INSERT | UPDATE | DELETE | RULE | REFERENCES | TRIGGER } [,...] | ALL [ PRIVILEGES ] } ON [ TABLE ] <replaceable class="PARAMETER">object</replaceable> [, ...] FROM { <replaceable class="PARAMETER">username</replaceable> | GROUP <replaceable class="PARAMETER">groupname</replaceable> | PUBLIC } [, ...] + +REVOKE { EXECUTE | ALL [ PRIVILEGES ] } + ON FUNCTION <replaceable>funcname</replaceable> ([<replaceable>type</replaceable>, ...]) [, ...] + FROM { <replaceable class="PARAMETER">username</replaceable> | GROUP <replaceable class="PARAMETER">groupname</replaceable> | PUBLIC } [, ...] + +REVOKE { USAGE | ALL [ PRIVILEGES ] } + ON LANGUAGE <replaceable>langname</replaceable> [, ...] + FROM { <replaceable class="PARAMETER">username</replaceable> | GROUP <replaceable class="PARAMETER">groupname</replaceable> | PUBLIC } [, ...] </synopsis> </refsynopsisdiv> diff --git a/doc/src/sgml/release.sgml b/doc/src/sgml/release.sgml index a4e3bb88672..67a4a7df92e 100644 --- a/doc/src/sgml/release.sgml +++ b/doc/src/sgml/release.sgml @@ -1,10 +1,35 @@ <!-- -$Header: /cvsroot/pgsql/doc/src/sgml/release.sgml,v 1.115 2002/01/31 21:20:03 momjian Exp $ +$Header: /cvsroot/pgsql/doc/src/sgml/release.sgml,v 1.116 2002/02/18 23:11:00 petere Exp $ --> <appendix id="release"> <title>Release Notes</title> + <sect1 id="release-devel"> + <title>&version; Development Branch</title> + + <para> + Below is a subset of the changes that have gone into the + development branch of PostgreSQL since version 7.2. For a complete + list of changes, consult the CVS logs. + </para> + +<!-- +Developers: When you add a feature, mention it here. This avoids +lossiness when digging out the information from the CVS logs, and +furthermore it advertises your feature to external parties at the +earliest possible moment. + +CDATA means the content is "SGML-free", so you can write without +worries about funny characters. +--> +<literallayout><![CDATA[ +Access privileges on functions +Access privileges on procedural languages +]]></literallayout> + + </sect1> + <sect1 id="release-7-2"> <title>Release 7.2</title> |