Update GRANT example and discussion to match current sources.

diff --git a/doc/src/sgml/ref/grant.sgml b/doc/src/sgml/ref/grant.sgml
index 70e9d581c8339b68edd811079582ecb52622e500..13e19042f50ea58c76b1fed91291d3719478d393 100644 (file)
--- a/doc/src/sgml/ref/grant.sgml
+++ b/doc/src/sgml/ref/grant.sgml
@@ -1,5 +1,5 @@
 
 
@@ -157,11 +157,10 @@ GRANT { { CREATE | USAGE } [,...] | ALL [ PRIVILEGES ] }
      CREATE
      
       
-       For databases, allows new schemas to be created in the database.
+       For databases, allows new schemas to be created within the database.
       
       
-       For schemas, allows new objects to be created within the specified
-       schema.
+       For schemas, allows new objects to be created within the schema.
       
      
     
@@ -196,9 +195,9 @@ GRANT { { CREATE | USAGE } [,...] | ALL [ PRIVILEGES ] }
        of privilege that is applicable to procedural languages.
       
       
-       For schemas, allows the use of objects contained in the specified 
+       For schemas, allows access to objects contained in the specified 
        schema (assuming that the objects' own privilege requirements are
-       met).  Essentially this allows the grantee to look up
+       also met).  Essentially this allows the grantee to look up
        objects within the schema.
       
      
@@ -226,6 +225,11 @@ GRANT { { CREATE | USAGE } [,...] | ALL [ PRIVILEGES ] }
  
   Notes
 
+   
+    The  command is used
+    to revoke access privileges.
+   
+
    
     It should be noted that database superusers can access
     all objects regardless of object privilege settings.  This
@@ -243,19 +247,19 @@ GRANT { { CREATE | USAGE } [,...] | ALL [ PRIVILEGES ] }
 
    
     Use 's \z command
-    to obtain information about privileges
-    on existing objects:
+    to obtain information about existing privileges, for example:
+
+lusitania=> \z mytable
+    Access privileges for database "lusitania"
+  Table  |           Access privileges
+---------+---------------------------------------
+ mytable | {=r,miriam=arwdRxt,"group todos=arw"}
+
+    The entries shown by \z are interpreted thus:
 
-          Database    = lusitania
-   +------------------+---------------------------------------------+
-   |  Relation        |        Grant/Revoke Permissions             |
-   +------------------+---------------------------------------------+
-   | mytable          | {"=rw","miriam=arwdRxt","group todos=rw"}   |
-   +------------------+---------------------------------------------+
-   Legend:
-         uname=arwR -- privileges granted to a user
-   group gname=arwR -- privileges granted to a group
-              =arwR -- privileges granted to PUBLIC
+              =xxxx -- privileges granted to PUBLIC
+         uname=xxxx -- privileges granted to a user
+   group gname=xxxx -- privileges granted to a group
 
                   r -- SELECT ("read")
                   w -- UPDATE ("write")
@@ -269,12 +273,25 @@ GRANT { { CREATE | USAGE } [,...] | ALL [ PRIVILEGES ] }
                   C -- CREATE
                   T -- TEMPORARY
             arwdRxt -- ALL PRIVILEGES (for tables)
+
+
+    The above example display would be seen by user miriam after
+    creating table mytable and doing
+
+
+GRANT SELECT ON mytable TO PUBLIC;
+GRANT SELECT,UPDATE,INSERT ON mytable TO GROUP todos;
 
    
 
    
-    The  command is used to revoke access
-    privileges.
+   If the Access privileges column is empty for a given object,
+it means the object has default privileges (that is, its privileges field
+is NULL).  Currently, default privileges are interpreted the same way
+for all object types: all privileges for the owner and no privileges for
+anyone else.  The first GRANT on an object will instantiate
+this default (producing, for example, {=,miriam=arwdRxt})
+and then modify it per the specified request.