Improve wording of documentation on default privileges.

Per recent -hackers discussion.
Andrew Dunstan 2011-07-11 11:12:34 -04:00
parent 4240e429d0
commit 75726307e6

@ -139,15 +139,16 @@ GRANT <replaceable class="PARAMETER">role_name</replaceable> [, ...] TO <replace
</para> </para>
<para> <para>
Depending on the type of object, the initial default privileges might PostgreSQL grants default privileges on some types of objects to
include granting some privileges to <literal>PUBLIC</literal>. <literal>PUBLIC</literal>. No privileges are granted to
The default is no public access for tables, columns, schemas, and <literal>PUBLIC</literal> by default on tables,
tablespaces; columns, schemas or tablespaces. For other types, the default privileges
<literal>CONNECT</> privilege and <literal>TEMP</> table creation privilege granted to <literal>PUBLIC</literal> are as follows:
for databases; <literal>CONNECT</literal> and <literal>CREATE TEMP TABLE</literal> for
<literal>EXECUTE</> privilege for functions; and databases; <literal>EXECUTE</literal> privilege for functions; and
<literal>USAGE</> privilege for languages. <literal>USAGE</literal> privilege for languages.
The object owner can of course revoke these privileges. (For maximum The object owner can, of course, <command>REVOKE</command>
both default and expressly granted privileges. (For maximum
security, issue the <command>REVOKE</> in the same transaction that security, issue the <command>REVOKE</> in the same transaction that
creates the object; then there is no window in which another user creates the object; then there is no window in which another user
can use the object.) can use the object.)
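Review bot: In the new sentence listing the PUBLIC defaults for databases, <literal>CREATE TEMP TABLE</literal> is marked up as a literal next to <literal>CONNECT</literal>, so it reads as a privilege keyword, but the line it replaces named the privilege as <literal>TEMP</>, which is the keyword GRANT and REVOKE accept (TEMPORARY is the long form). Since the same paragraph tells the owner to REVOKE these defaults for maximum security, the reader needs the exact keyword to type; suggest wording such as "<literal>CONNECT</literal> and <literal>TEMP</literal> (temporary table creation) for databases". Minor style point in the same paragraph: the added lines use full closing tags (</literal>, </command>) while the unchanged "issue the <command>REVOKE</> in the same transaction" line keeps the short close, so converting that one here would leave the paragraph consistent.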