grant.sgml says that

   the default privileges granted to PUBLIC are as follows: CONNECT and
   CREATE TEMP TABLE for databases; EXECUTE privilege for functions;
   and USAGE privilege for languages.

But types also have the USAGE privilege for PUBLIC by default:

test=> CREATE TYPE bug_status AS ENUM ('new', 'open', 'closed');
CREATE TYPE
test=> GRANT USAGE ON TYPE bug_status TO duff;
GRANT
test=> REVOKE USAGE ON TYPE bug_status FROM duff;
REVOKE
test=> \dT+ bug_status
                         List of data types
 Schema |    Name    | ... |  Owner  | Access privileges | ...
--------+------------+-----+---------+-------------------+-----
 public | bug_status |     | laurenz | =U/laurenz       +| 
        |            |     |         | laurenz=U/laurenz | 
(1 row)

Hence I propose the attached documentation patch.

Yours,
Laurenz Albe
From e1213e1e91cd0c45fcca8df492f1017f2eacc4bc Mon Sep 17 00:00:00 2001
From: Laurenz Albe <laurenz.a...@wien.gv.at>
Date: Tue, 10 Oct 2017 09:21:36 +0200
Subject: [PATCH] Fix documentation of default privileges for types

Document that PUBLIC has USAGE privileges on newly created types.
---
 doc/src/sgml/ref/grant.sgml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/doc/src/sgml/ref/grant.sgml b/doc/src/sgml/ref/grant.sgml
index c63252c..8936963 100644
--- a/doc/src/sgml/ref/grant.sgml
+++ b/doc/src/sgml/ref/grant.sgml
@@ -161,7 +161,7 @@ GRANT <replaceable class="PARAMETER">role_name</replaceable> [, ...] TO <replace
    granted to <literal>PUBLIC</literal> are as follows:
    <literal>CONNECT</literal> and <literal>CREATE TEMP TABLE</literal> for
    databases; <literal>EXECUTE</literal> privilege for functions; and
-   <literal>USAGE</literal> privilege for languages.
+   <literal>USAGE</literal> privilege for languages and types.
    The object owner can, of course, <command>REVOKE</command>
    both default and  expressly granted privileges. (For maximum
    security, issue the <command>REVOKE</> in the same transaction that
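Review bot: The added line says only "types", which leaves it unclear whether domains are covered, since GRANT addresses them with a separate ON DOMAIN form. If domains get the same PUBLIC default, consider spelling it out, for example "USAGE privilege for languages and data types (including domains)". The context sentence that follows about issuing REVOKE for maximum security now applies to types as well, so it may be worth checking that its wording still reads correctly for them.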
-- 
2.9.5
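
An audit query for the default described in this message, added here as an example and not part of the original post or of the PostgreSQL sources: it lists user-defined types and domains on which PUBLIC currently holds USAGE. It assumes PostgreSQL 9.3 or later and relies on the catalog functions `aclexplode` and `acldefault`; the column aliases are chosen for this example.

```sql
-- Added example: find types and domains that PUBLIC may use.
-- pg_type.typacl is NULL until a GRANT or REVOKE touches the type, so the
-- built-in default ACL is substituted with acldefault('T', owner) in that case.
SELECT n.nspname                    AS schema_name,
       t.typname                    AS type_name,
       CASE t.typtype
            WHEN 'd' THEN 'domain'
            WHEN 'e' THEN 'enum'
            WHEN 'c' THEN 'composite'
            WHEN 'r' THEN 'range'
            WHEN 'b' THEN 'base'
            ELSE t.typtype::text
       END                          AS kind,
       pg_get_userbyid(t.typowner)  AS owner,
       t.typacl IS NULL             AS acl_is_default,
       a.is_grantable               AS public_can_regrant
FROM pg_type AS t
JOIN pg_namespace AS n ON n.oid = t.typnamespace
CROSS JOIN LATERAL
     aclexplode(coalesce(t.typacl, acldefault('T', t.typowner))) AS a
WHERE a.grantee = 0                       -- grantee OID 0 stands for PUBLIC
  AND a.privilege_type = 'USAGE'
  AND n.nspname NOT IN ('pg_catalog', 'information_schema')
  AND n.nspname NOT LIKE 'pg\_toast%'
  AND n.nspname NOT LIKE 'pg\_temp%'
  AND t.typcategory <> 'A'                -- skip the implicit array types
  AND NOT EXISTS (                        -- skip row types that belong to
        SELECT 1                          -- tables, views, sequences, ...
        FROM pg_class AS c
        WHERE c.oid = t.typrelid
          AND c.relkind <> 'c')
ORDER BY schema_name, type_name;
```

A row with `acl_is_default = true` is a type whose ACL was never changed, which is why the `\dT+` output above only shows `=U/laurenz` after the GRANT and REVOKE had been run.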
