sepgsql: Reword and fix typo in docs on DML permissions.

Per report from Christoph Berg.

diff --git a/doc/src/sgml/sepgsql.sgml b/doc/src/sgml/sepgsql.sgml
index e45c258ac899250da4f585917f64d0f2c634d877..68cc6078af2ef7a3be1ff7896344f453199bd671 100644 (file)
--- a/doc/src/sgml/sepgsql.sgml
+++ b/doc/src/sgml/sepgsql.sgml
@@ -345,42 +345,35 @@ $ sudo semodule -r sepgsql-regtest
 
    
     For tables, db_table:select, db_table:insert,
-    db_table:update or db_table:delete is
+    db_table:update or db_table:delete are
     checked for all the referenced target tables depending on the kind of
-    statement;
-    in addition, db_table:select is also checked for
-    all the tables that contain the columns referenced in the
+    statement; in addition, db_table:select is also checked for
+    all the tables that contain columns referenced in the
     WHERE or RETURNING clause, as a data source
-    of UPDATE, and so on.  For example, consider:
-
-
-UPDATE t1 SET x = 2, y = md5sum(y) WHERE z = 100;
-
-
-    In this case we must have db_table:select in addition to
-    db_table:update, because t1.a is referenced
-    within the WHERE clause.  Column-level permissions will also be
-    checked for each referenced column.
+    for UPDATE, and so on.
    
 
    
-    For columns, db_column:select is checked on
-    not only the columns being read using SELECT, but those being
-    referenced in other DML statements.
-    Of course, it also checks db_column:update or
-    db_column:insert on columns being modified by
-    UPDATE or INSERT.
+    Column-level permissions will also be checked for each referenced column.
+    db_column:select is checked on not only the columns being
+    read using SELECT, but those being referenced in other DML
+    statements; db_column:update or db_column:insert
+    will also be checked for columns being modified by UPDATE or
+    INSERT.
    
 
    
+   For example, consider:
 
 UPDATE t1 SET x = 2, y = md5sum(y) WHERE z = 100;
 
-    In this case, it checks db_column:update on the column
-    t1.x being updated, db_column:{select update}
-    on the column t1.y being updated and referenced, and
-    db_column:select on the column t1.z, since that is
-    only referenced in the WHERE clause.
+
+    Here, db_column:update will be checked for
+    t1.x, since it is being updated,
+    db_column:{select update} will be checked for
+    t1.y, since it is both updated and referenced, and
+    db_column:select will be checked for t1.z, since
+    it is only referenced.
     db_table:{select update} will also be checked
     at the table level.