Update some obsolete stuff in the GRANT and REVOKE reference pages:

simplify the syntax examples by unifying user and group cases, and fix
no-longer-correct example of psql \z output.  Per Erwin Brandstetter.

diff --git a/doc/src/sgml/ref/grant.sgml b/doc/src/sgml/ref/grant.sgml
index e8e93bf9ab34e70ff1708c67ec859dfbb6b58fe1..02941fc9cde56d35c24d5c47a20c253c362b616b 100644 (file)
--- a/doc/src/sgml/ref/grant.sgml
+++ b/doc/src/sgml/ref/grant.sgml
@@ -1,5 +1,5 @@
 
 
@@ -23,34 +23,34 @@ PostgreSQL documentation
 GRANT { { SELECT | INSERT | UPDATE | DELETE | REFERENCES | TRIGGER }
     [,...] | ALL [ PRIVILEGES ] }
     ON [ TABLE ] tablename [, ...]
-    TO { username | GROUP groupname | PUBLIC } [, ...] [ WITH GRANT OPTION ]
+    TO { [ GROUP ] rolename | PUBLIC } [, ...] [ WITH GRANT OPTION ]
 
 GRANT { { USAGE | SELECT | UPDATE }
     [,...] | ALL [ PRIVILEGES ] }
     ON SEQUENCE sequencename [, ...]
-    TO { username | GROUP groupname | PUBLIC } [, ...] [ WITH GRANT OPTION ]
+    TO { [ GROUP ] rolename | PUBLIC } [, ...] [ WITH GRANT OPTION ]
 
 GRANT { { CREATE | CONNECT | TEMPORARY | TEMP } [,...] | ALL [ PRIVILEGES ] }
     ON DATABASE dbname [, ...]
-    TO { username | GROUP groupname | PUBLIC } [, ...] [ WITH GRANT OPTION ]
+    TO { [ GROUP ] rolename | PUBLIC } [, ...] [ WITH GRANT OPTION ]
 
 GRANT { EXECUTE | ALL [ PRIVILEGES ] }
     ON FUNCTION funcname ( [ [ argmode ] [ argname ] argtype [, ...] ] ) [, ...]
-    TO { username | GROUP groupname | PUBLIC } [, ...] [ WITH GRANT OPTION ]
+    TO { [ GROUP ] rolename | PUBLIC } [, ...] [ WITH GRANT OPTION ]
 
 GRANT { USAGE | ALL [ PRIVILEGES ] }
     ON LANGUAGE langname [, ...]
-    TO { username | GROUP groupname | PUBLIC } [, ...] [ WITH GRANT OPTION ]
+    TO { [ GROUP ] rolename | PUBLIC } [, ...] [ WITH GRANT OPTION ]
 
 GRANT { { CREATE | USAGE } [,...] | ALL [ PRIVILEGES ] }
     ON SCHEMA schemaname [, ...]
-    TO { username | GROUP groupname | PUBLIC } [, ...] [ WITH GRANT OPTION ]
+    TO { [ GROUP ] rolename | PUBLIC } [, ...] [ WITH GRANT OPTION ]
 
 GRANT { CREATE | ALL [ PRIVILEGES ] }
     ON TABLESPACE tablespacename [, ...]
-    TO { username | GROUP groupname | PUBLIC } [, ...] [ WITH GRANT OPTION ]
+    TO { [ GROUP ] rolename | PUBLIC } [, ...] [ WITH GRANT OPTION ]
 
-GRANT role [, ...] TO username [, ...] [ WITH ADMIN OPTION ]
+GRANT role [, ...] TO rolename [, ...] [ WITH ADMIN OPTION ]
 
  
 
@@ -405,18 +405,16 @@ GRANT role [, ...] TO 
     to obtain information about existing privileges, for example:
 
 => \z mytable
-
-                        Access privileges for database "lusitania"
- Schema |  Name   | Type  |                     Access privileges
---------+---------+-------+-----------------------------------------------------------
- public | mytable | table | {miriam=arwdxt/miriam,=r/miriam,"group todos=arw/miriam"}
+                  Access privileges for database "lusitania"
+ Schema |  Name   | Type  |                 Access privileges                 
+--------+---------+-------+---------------------------------------------------
+ public | mytable | table | {miriam=arwdxt/miriam,=r/miriam,admin=arw/miriam}
 (1 row)
 
     The entries shown by \z are interpreted thus:
 
+      rolename=xxxx -- privileges granted to a role
               =xxxx -- privileges granted to PUBLIC
-         uname=xxxx -- privileges granted to a user
-   group gname=xxxx -- privileges granted to a group
 
                   r -- SELECT ("read")
                   w -- UPDATE ("write")
@@ -432,7 +430,7 @@ GRANT role [, ...] TO 
              arwdxt -- ALL PRIVILEGES (for tables)
                   * -- grant option for preceding privilege
 
-              /yyyy -- user who granted this privilege
+              /yyyy -- role that granted this privilege
 
 
     The above example display would be seen by user miriam after
@@ -440,20 +438,20 @@ GRANT role [, ...] TO 
 
 
 GRANT SELECT ON mytable TO PUBLIC;
-GRANT SELECT, UPDATE, INSERT ON mytable TO GROUP todos;
+GRANT SELECT, UPDATE, INSERT ON mytable TO admin;
 
    
 
    
-   If the Access privileges column is empty for a given object,
-it means the object has default privileges (that is, its privileges column
-is null).  Default privileges always include all privileges for the owner,
-and can include some privileges for PUBLIC depending on the
-object type, as explained above.  The first GRANT or
-REVOKE on an object
-will instantiate the default privileges (producing, for example,
-{miriam=arwdxt/miriam}) and then modify them per the
-specified request.
+    If the Access privileges column is empty for a given object,
+    it means the object has default privileges (that is, its privileges column
+    is null).  Default privileges always include all privileges for the owner,
+    and can include some privileges for PUBLIC depending on the
+    object type, as explained above.  The first GRANT or
+    REVOKE on an object
+    will instantiate the default privileges (producing, for example,
+    {miriam=arwdxt/miriam}) and then modify them per the
+    specified request.
    
 
    

diff --git a/doc/src/sgml/ref/revoke.sgml b/doc/src/sgml/ref/revoke.sgml
index cb4a892454a00a524af44aeb618666f16bf93071..ec70bc37a1501f879ed9cedc2fac75835ac62498 100644 (file)
--- a/doc/src/sgml/ref/revoke.sgml
+++ b/doc/src/sgml/ref/revoke.sgml
@@ -1,5 +1,5 @@
 
 
@@ -24,48 +24,48 @@ REVOKE [ GRANT OPTION FOR ]
     { { SELECT | INSERT | UPDATE | DELETE | REFERENCES | TRIGGER }
     [,...] | ALL [ PRIVILEGES ] }
     ON [ TABLE ] tablename [, ...]
-    FROM { username | GROUP groupname | PUBLIC } [, ...]
+    FROM { [ GROUP ] rolename | PUBLIC } [, ...]
     [ CASCADE | RESTRICT ]
 
 REVOKE [ GRANT OPTION FOR ]
     { { USAGE | SELECT | UPDATE }
     [,...] | ALL [ PRIVILEGES ] }
     ON SEQUENCE sequencename [, ...]
-    FROM { username | GROUP groupname | PUBLIC } [, ...]
+    FROM { [ GROUP ] rolename | PUBLIC } [, ...]
     [ CASCADE | RESTRICT ]
 
 REVOKE [ GRANT OPTION FOR ]
     { { CREATE | CONNECT | TEMPORARY | TEMP } [,...] | ALL [ PRIVILEGES ] }
     ON DATABASE dbname [, ...]
-    FROM { username | GROUP groupname | PUBLIC } [, ...]
+    FROM { [ GROUP ] rolename | PUBLIC } [, ...]
     [ CASCADE | RESTRICT ]
 
 REVOKE [ GRANT OPTION FOR ]
     { EXECUTE | ALL [ PRIVILEGES ] }
     ON FUNCTION funcname ( [ [ argmode ] [ argname ] argtype [, ...] ] ) [, ...]
-    FROM { username | GROUP groupname | PUBLIC } [, ...]
+    FROM { [ GROUP ] rolename | PUBLIC } [, ...]
     [ CASCADE | RESTRICT ]
 
 REVOKE [ GRANT OPTION FOR ]
     { USAGE | ALL [ PRIVILEGES ] }
     ON LANGUAGE langname [, ...]
-    FROM { username | GROUP groupname | PUBLIC } [, ...]
+    FROM { [ GROUP ] rolename | PUBLIC } [, ...]
     [ CASCADE | RESTRICT ]
 
 REVOKE [ GRANT OPTION FOR ]
     { { CREATE | USAGE } [,...] | ALL [ PRIVILEGES ] }
     ON SCHEMA schemaname [, ...]
-    FROM { username | GROUP groupname | PUBLIC } [, ...]
+    FROM { [ GROUP ] rolename | PUBLIC } [, ...]
     [ CASCADE | RESTRICT ]
 
 REVOKE [ GRANT OPTION FOR ]
     { CREATE | ALL [ PRIVILEGES ] }
     ON TABLESPACE tablespacename [, ...]
-    FROM { username | GROUP groupname | PUBLIC } [, ...]
+    FROM { [ GROUP ] rolename | PUBLIC } [, ...]
     [ CASCADE | RESTRICT ]
 
 REVOKE [ ADMIN OPTION FOR ]
-    role [, ...] FROM username [, ...]
+    role [, ...] FROM rolename [, ...]
     [ CASCADE | RESTRICT ]
 
  
@@ -107,7 +107,7 @@ REVOKE [ ADMIN OPTION FOR ]
    called dependent privileges. If the privilege or the grant option
    held by the first user is being revoked and dependent privileges
    exist, those dependent privileges are also revoked if
-   CASCADE is specified, else the revoke action
+   CASCADE is specified; if it is not, the revoke action
    will fail.  This recursive revocation only affects privileges that
    were granted through a chain of users that is traceable to the user
    that is the subject of this REVOKE command.