Managing database users and their privileges is in concept similar
- to that of Unix operating systems, but then again not identical
- enough to not warrant explanation.
+ to managing users of a Unix operating system, but the details are not
+ identical.
Database Users
- Database users are conceptually completely separate from any
+ Database users are conceptually completely separate from
operating system users. In practice it might be convenient to
maintain a correspondence, but this is not required. Database user
names are global across a database cluster installation (and not
For convenience, the shell scripts createuser
- and dropuser are wrappers around these SQL
+ and dropuser are provided as wrappers around these SQL
commands.
initdb) it will have the same name as the
operating system user that initialized the area (and is presumably
being used as the user that runs the server). Customarily, this user
- will be called postgres. In order to create more
- users you have to first connect as this initial user.
+ will be named postgres. In order to create more
+ users you first have to connect as this initial user.
determined by the client authentication setup, as explained in
. (Thus, a client is not
necessarily limited to connect as the user with the same name as
- its operating system user in the same way a person is not
+ its operating system user, in the same way a person is not
constrained in its login name by her real name.)
A password is only significant if password authentication is
- used for client authentication. Database passwords a separate
- from any operating system passwords. Specify a password upon
- user creating as in CREATE USER name WITH PASSWORD
+ used for client authentication. Database passwords are separate
+ from operating system passwords. Specify a password upon
+ user creation with CREATE USER name PASSWORD
'string'.
+ A user's attributes can be modified after creation with
+ ALTER USER.
See the reference pages for CREATE USER and
ALTER USER for details.
Groups
- As in Unix, groups are a way of logically grouping users. To create
- a group, use
+ As in Unix, groups are a way of logically grouping users to ease
+ management of permissions: permissions can be granted to, or revoked
+ from, a group as a whole. To create a group, use
CREATE GROUP name
- To add users to or remove users from a group, respectively, user
+ To add users to or remove users from a group, use
ALTER GROUP name ADD USER uname1, ...
ALTER GROUP name DROP USER uname1, ...
The special user
name PUBLIC can
be used to grant a privilege to every user on the system. Using
- ALL in place of a privilege specifies that all
+ ALL in place of a specific privilege specifies that all
privileges will be granted.
REVOKE ALL ON accounts FROM PUBLIC;
- The set of privileges held by the table owner is always implicit
- and cannot be revoked.
+ The special privileges of the table owner are always implicit
+ and cannot be granted or revoked.
projects / postgresql.git / commitdiff