1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
|
<!--
$Header: /cvsroot/pgsql/doc/src/sgml/ref/revoke.sgml,v 1.15 2001/06/09 23:21:54 petere Exp $
Postgres documentation
-->
<refentry id="SQL-REVOKE">
<refmeta>
<refentrytitle>REVOKE</refentrytitle>
<refmiscinfo>SQL - Language Statements</refmiscinfo>
</refmeta>
<refnamediv>
<refname>REVOKE</refname>
<refpurpose>Revokes access privilege from a user, a group, or all users.</refpurpose>
</refnamediv>
<refsynopsisdiv>
<synopsis>
REVOKE { { SELECT | INSERT | UPDATE | DELETE | RULE | REFERENCES | TRIGGER } [,...] | ALL [ PRIVILEGES ] }
ON [ TABLE ] <replaceable class="PARAMETER">object</replaceable> [, ...]
FROM { <replaceable class="PARAMETER">username</replaceable> | GROUP <replaceable class="PARAMETER">groupname</replaceable> | PUBLIC } [, ...]
</synopsis>
</refsynopsisdiv>
<refsect1 id="SQL-REVOKE-description">
<title>Description</title>
<para>
<command>REVOKE</command> allows the creator of an object to revoke
permissions granted before, from a users or a group of users. The
key word <literal>PUBLIC</literal> means to revoke this privilege
from all users.
</para>
<para>
See the description of the <xref linkend="sql-grant"> command for
the meaning of the privilege types.
</para>
</refsect1>
<refsect1 id="SQL-REVOKE-notes">
<title>Notes</title>
<para>
Use <xref linkend="app-psql">'s <command>\z</command> command to
display the privileges granted on existing objects. See also <xref
linkend="sql-grant"> for information about the format.
</para>
</refsect1>
<refsect1 id="SQL-REVOKE-examples">
<title>Examples</title>
<para>
Revoke insert privilege from all users on table
<literal>films</literal>:
<programlisting>
REVOKE INSERT ON films FROM PUBLIC;
</programlisting>
</para>
<para>
Revoke all privileges from user <literal>manuel</literal> on view <literal>kinds</literal>:
<programlisting>
REVOKE ALL PRIVILEGES ON kinds FROM manuel;
</programlisting>
</para>
</refsect1>
<refsect1 id="SQL-REVOKE-compatibility">
<title>Compatibility</title>
<refsect2>
<title>SQL92</title>
<para>
The compatibility notes of the <xref linkend="sql-grant"> command
apply analogously to <command>REVOKE</command>. The syntax summary is:
<synopsis>
REVOKE [ GRANT OPTION FOR ] { SELECT | INSERT | UPDATE | DELETE | REFERENCES }
ON <replaceable class="parameter">object</replaceable> [ ( <replaceable class="parameter">column</replaceable> [, ...] ) ]
FROM { PUBLIC | <replaceable class="parameter">username</replaceable> [, ...] }
{ RESTRICT | CASCADE }
</synopsis>
</para>
<para>
If user1 gives a privilege WITH GRANT OPTION to user2,
and user2 gives it to user3 then user1 can revoke
this privilege in cascade using the CASCADE keyword.
If user1 gives a privilege WITH GRANT OPTION to user2,
and user2 gives it to user3, then if user1 tries to revoke
this privilege it fails if he specify the RESTRICT
keyword.
</para>
</refsect2>
</refsect1>
<refsect1>
<title>See Also</title>
<simpara>
<xref linkend="sql-grant">
</simpara>
</refsect1>
</refentry>
<!-- Keep this comment at the end of the file
Local variables:
mode: sgml
sgml-omittag:nil
sgml-shorttag:t
sgml-minimize-attributes:nil
sgml-always-quote-attributes:t
sgml-indent-step:1
sgml-indent-data:t
sgml-parent-document:nil
sgml-default-dtd-file:"../reference.ced"
sgml-exposed-tags:nil
sgml-local-catalogs:"/usr/lib/sgml/catalog"
sgml-local-ecat-files:nil
End:
-->
|
