Index: doc/src/sgml/user-manag.sgml =================================================================== RCS file: /var/lib/cvs/pgsql-server/doc/src/sgml/user-manag.sgml,v retrieving revision 1.13 diff -c -r1.13 user-manag.sgml *** doc/src/sgml/user-manag.sgml 19 Jul 2002 18:53:50 -0000 1.13 --- doc/src/sgml/user-manag.sgml 15 Aug 2002 03:52:48 -0000 *************** *** 1,10 **** ! Database Users and Permissions Managing database users and their privileges is in concept similar ! to managing users of a Unix operating system, but the details are not ! identical. --- 1,14 ---- ! ! ! Database Users and Permissions Managing database users and their privileges is in concept similar ! to managing the users of a Unix operating system, but the details ! are not identical. *************** *** 27,34 **** ! For convenience, the shell scripts createuser ! and dropuser are provided as wrappers around these SQL commands. --- 31,38 ---- ! For convenience, the shell scripts createuser ! and dropuser are provided as wrappers around these SQL commands. *************** *** 36,53 **** In order to bootstrap the database system, a freshly initialized system always contains one predefined user. This user will have the fixed id 1, and by default (unless altered when running ! initdb) it will have the same name as the ! operating system user that initialized the area (and is presumably ! being used as the user that runs the server). Customarily, this user ! will be named postgres. In order to create more ! users you first have to connect as this initial user. The user name to use for a particular database connection is indicated by the client that is initiating the connection request in an application-specific fashion. For example, the ! psql program uses the command line option to indicate the user to connect as. The set of database users a given client connection may connect as is determined by the client authentication setup, as explained in --- 40,57 ---- In order to bootstrap the database system, a freshly initialized system always contains one predefined user. This user will have the fixed id 1, and by default (unless altered when running ! initdb) it will have the same name as ! the operating system user that initialized the database ! cluster. Customarily, this user will be named ! postgres. In order to create more users ! you first have to connect as this initial user. The user name to use for a particular database connection is indicated by the client that is initiating the connection request in an application-specific fashion. For example, the ! psql program uses the command line option to indicate the user to connect as. The set of database users a given client connection may connect as is determined by the client authentication setup, as explained in *************** *** 71,77 **** A database superuser bypasses all permission checks. Also, only a superuser can create new users. To create a database ! superuser, use CREATE USER name CREATEUSER. --- 75,81 ---- A database superuser bypasses all permission checks. Also, only a superuser can create new users. To create a database ! superuser, use CREATE USER name CREATEUSER. *************** *** 83,90 **** A user must be explicitly given permission to create databases (except for superusers, since those bypass all permission ! checks). To create such a user, use CREATE USER name ! CREATEDB. --- 87,94 ---- A user must be explicitly given permission to create databases (except for superusers, since those bypass all permission ! checks). To create such a user, use CREATE USER ! name CREATEDB. *************** *** 93,103 **** password ! A password is only significant if password authentication is ! used for client authentication. Database passwords are separate ! from operating system passwords. Specify a password upon ! user creation with CREATE USER name PASSWORD ! 'string'. --- 97,110 ---- password ! A password is only significant if the client authentication ! method requires the user to supply a password when connecting ! to the database. At present, the *************** *** 134,159 **** When a database object is created, it is assigned an owner. The ! owner is the user that executed the creation statement. There is ! currently no polished interface for changing the owner of a database ! object (except for tables, for which ALTER TABLE can do it). ! By default, only an owner (or a superuser) can do anything ! with the object. In order to allow other users to use it, ! privileges must be granted. ! There are several different privileges: SELECT ! (read), INSERT (append), UPDATE ! (write), DELETE, RULE, ! REFERENCES (foreign key), and ! TRIGGER. (See the GRANT manual ! page for more detailed information.) The right to modify or destroy ! an object is always the privilege of the owner only. To assign ! privileges, the GRANT command is used. So, if ! joe is an existing user, and ! accounts is an existing table, write access can be ! granted with GRANT UPDATE ON accounts TO joe; --- 141,169 ---- When a database object is created, it is assigned an owner. The ! owner is the user that executed the creation statement. To change ! the owner of a table, index, sequence, or view, use the ! ALTER TABLE command. By default, only an owner ! (or a superuser) can do anything with the object. In order to allow ! other users to use it, privileges must be ! granted. ! There are several different privileges: SELECT, ! INSERT, UPDATE, DELETE, ! RULE, REFERENCES, TRIGGER, ! CREATE, TEMPORARY, EXECUTE, ! USAGE, and ALL PRIVILEGES. For more ! information on the different types of privileges support by ! PostgreSQL, refer to the ! GRANT reference manual. The right to modify or ! destroy an object is always the privilege of the owner only. To ! assign privileges, the GRANT command is ! used. So, if joe is an existing user, and ! accounts is an existing table, the privilege to ! update the table can be granted with ! GRANT UPDATE ON accounts TO joe; *************** *** 210,213 **** ! --- 220,223 ---- !