ON TABLESPACE tablespacename [, ...]
TO { username | GROUP groupname | PUBLIC } [, ...] [ WITH GRANT OPTION ]
-GRANT role [, ...]
- TO { username | GROUP groupname | PUBLIC } [, ...] [ WITH ADMIN OPTION ]
+GRANT role [, ...] TO username [, ...] [ WITH ADMIN OPTION ]
Roles having CREATEROLE privilege can grant or revoke
membership in any role that is not a superuser.
+
+ Unlike the case with privileges, membership in a role cannot be granted
+ to PUBLIC. Note also that this form of the command does not
+ allow the noise word GROUP.
+
[ CASCADE | RESTRICT ]
REVOKE [ ADMIN OPTION FOR ]
- role [, ...]
- FROM { username | GROUP groupname | PUBLIC } [, ...]
+ role [, ...] FROM username [, ...]
[ CASCADE | RESTRICT ]
When revoking membership in a role, GRANT OPTION is instead
called ADMIN OPTION, but the behavior is similar.
+ Note also that this form of the command does not
+ allow the noise word GROUP.
-
+
Database Roles and Privileges
You can grant membership to other group roles, too (since there isn't
really any distinction between group roles and non-group roles). The
- only restriction is that you can't set up circular membership loops.
+ database will not let you set up circular membership loops. Also,
+ it is not permitted to grant membership in a role to
+ PUBLIC.
projects / postgresql.git / commitdiff