as grantees, not PUBLIC ... and you can't say GROUP either. Noted by
Brian Hurt.
index 9b1ed1aebae1c06caeaa33750dd99e447370ef25..d846cd07fde4118f4ccdbeca066b431237b2c1d0 100644 (file)
<!--
-$PostgreSQL: pgsql/doc/src/sgml/ref/grant.sgml,v 1.59 2006年07月20日 18:00:03 momjian Exp $
+$PostgreSQL: pgsql/doc/src/sgml/ref/grant.sgml,v 1.60 2006年08月02日 16:29:49 tgl Exp $
PostgreSQL documentation
-->
@@ -50,8 +50,7 @@ GRANT { CREATE | ALL [ PRIVILEGES ] }
ON TABLESPACE <replaceable>tablespacename</> [, ...]
TO { <replaceable class="PARAMETER">username</replaceable> | GROUP <replaceable class="PARAMETER">groupname</replaceable> | PUBLIC } [, ...] [ WITH GRANT OPTION ]
-GRANT <replaceable class="PARAMETER">role</replaceable> [, ...]
- TO { <replaceable class="PARAMETER">username</replaceable> | GROUP <replaceable class="PARAMETER">groupname</replaceable> | PUBLIC } [, ...] [ WITH ADMIN OPTION ]
+GRANT <replaceable class="PARAMETER">role</replaceable> [, ...] TO <replaceable class="PARAMETER">username</replaceable> [, ...] [ WITH ADMIN OPTION ]
</synopsis>
</refsynopsisdiv>
@@ -325,6 +324,12 @@ GRANT <replaceable class="PARAMETER">role</replaceable> [, ...]
Roles having <literal>CREATEROLE</> privilege can grant or revoke
membership in any role that is not a superuser.
</para>
+
+ <para>
+ Unlike the case with privileges, membership in a role cannot be granted
+ to <literal>PUBLIC</>. Note also that this form of the command does not
+ allow the noise word <literal>GROUP</>.
+ </para>
</refsect2>
</refsect1>
index bccb8010b5f803d5f01cec8652bf90d64962a46e..df38437436fe3324a36fc2b1672e7c6a237b8a55 100644 (file)
<!--
-$PostgreSQL: pgsql/doc/src/sgml/ref/revoke.sgml,v 1.38 2006年04月30日 21:15:33 tgl Exp $
+$PostgreSQL: pgsql/doc/src/sgml/ref/revoke.sgml,v 1.39 2006年08月02日 16:29:49 tgl Exp $
PostgreSQL documentation
-->
[ CASCADE | RESTRICT ]
REVOKE [ ADMIN OPTION FOR ]
- <replaceable class="PARAMETER">role</replaceable> [, ...]
- FROM { <replaceable class="PARAMETER">username</replaceable> | GROUP <replaceable class="PARAMETER">groupname</replaceable> | PUBLIC } [, ...]
+ <replaceable class="PARAMETER">role</replaceable> [, ...] FROM <replaceable class="PARAMETER">username</replaceable> [, ...]
[ CASCADE | RESTRICT ]
</synopsis>
</refsynopsisdiv>
<para>
When revoking membership in a role, <literal>GRANT OPTION</> is instead
called <literal>ADMIN OPTION</>, but the behavior is similar.
+ Note also that this form of the command does not
+ allow the noise word <literal>GROUP</>.
</para>
</refsect1>
index 41e6020091993e3607a50586ac3b172a85fd0fa0..c86837d1f7a84b4a7ed815e1c7c577cff56353fb 100644 (file)
-<!-- $PostgreSQL: pgsql/doc/src/sgml/user-manag.sgml,v 1.35 2006年04月30日 21:15:32 tgl Exp $ -->
+<!-- $PostgreSQL: pgsql/doc/src/sgml/user-manag.sgml,v 1.36 2006年08月02日 16:29:49 tgl Exp $ -->
<chapter id="user-manag">
<title>Database Roles and Privileges</title>
@@ -375,7 +375,9 @@ REVOKE <replaceable>group_role</replaceable> FROM <replaceable>role1</replaceabl
</synopsis>
You can grant membership to other group roles, too (since there isn't
really any distinction between group roles and non-group roles). The
- only restriction is that you can't set up circular membership loops.
+ database will not let you set up circular membership loops. Also,
+ it is not permitted to grant membership in a role to
+ <literal>PUBLIC</literal>.
</para>
<para>