Home Explore Blog CI



postgresql
25th chunk of `doc/src/sgml/ddl.sgml`
5b163776785942baff5994b6dbf0bccff4e0958a84122da10000000100000fa0
 <term><literal>SELECT</literal></term>
     <listitem>
      <para>
       Allows <command>SELECT</command> from
       any column, or specific column(s), of a table, view, materialized
       view, or other table-like object.
       Also allows use of <command>COPY TO</command>.
       This privilege is also needed to reference existing column values in
       <command>UPDATE</command>, <command>DELETE</command>,
       or <command>MERGE</command>.
       For sequences, this privilege also allows use of the
       <function>currval</function> function.
       For large objects, this privilege allows the object to be read.
      </para>
     </listitem>
    </varlistentry>

    <varlistentry id="ddl-priv-insert">
     <term><literal>INSERT</literal></term>
     <listitem>
      <para>
       Allows <command>INSERT</command> of a new row into a table, view,
       etc.  Can be granted on specific column(s), in which case
       only those columns may be assigned to in the <command>INSERT</command>
       command (other columns will therefore receive default values).
       Also allows use of <command>COPY FROM</command>.
      </para>
     </listitem>
    </varlistentry>

    <varlistentry id="ddl-priv-update">
     <term><literal>UPDATE</literal></term>
     <listitem>
      <para>
       Allows <command>UPDATE</command> of any
       column, or specific column(s), of a table, view, etc.
       (In practice, any nontrivial <command>UPDATE</command> command will
       require <literal>SELECT</literal> privilege as well, since it must
       reference table columns to determine which rows to update, and/or to
       compute new values for columns.)
       <literal>SELECT ... FOR UPDATE</literal>
       and <literal>SELECT ... FOR SHARE</literal>
       also require this privilege on at least one column, in addition to the
       <literal>SELECT</literal> privilege.  For sequences, this
       privilege allows use of the <function>nextval</function> and
       <function>setval</function> functions.
       For large objects, this privilege allows writing or truncating the
       object.
      </para>
     </listitem>
    </varlistentry>

    <varlistentry id="ddl-priv-delete">
     <term><literal>DELETE</literal></term>
     <listitem>
      <para>
       Allows <command>DELETE</command> of a row from a table, view, etc.
       (In practice, any nontrivial <command>DELETE</command> command will
       require <literal>SELECT</literal> privilege as well, since it must
       reference table columns to determine which rows to delete.)
      </para>
     </listitem>
    </varlistentry>

    <varlistentry id="ddl-priv-truncate">
     <term><literal>TRUNCATE</literal></term>
     <listitem>
      <para>
       Allows <command>TRUNCATE</command> on a table.
      </para>
     </listitem>
    </varlistentry>

    <varlistentry id="ddl-priv-references">
     <term><literal>REFERENCES</literal></term>
     <listitem>
      <para>
       Allows creation of a foreign key constraint referencing a
       table, or specific column(s) of a table.
      </para>
     </listitem>
    </varlistentry>

    <varlistentry id="ddl-priv-trigger">
     <term><literal>TRIGGER</literal></term>
     <listitem>
      <para>
       Allows creation of a trigger on a table, view, etc.
      </para>
     </listitem>
    </varlistentry>

    <varlistentry id="ddl-priv-create">
     <term><literal>CREATE</literal></term>
     <listitem>
      <para>
       For databases, allows new schemas and publications to be created within
       the database, and allows trusted extensions to be installed within
       the database.
      </para>
      <para>
       For schemas, allows new objects to be created within the schema.
       To rename an existing object, you must own the
       object <emphasis>and</emphasis> have this privilege for the containing
       schema.
      </para>
      <para>
       For tablespaces, allows tables, indexes, and temporary files to be
Title: PostgreSQL Privileges: INSERT, UPDATE, DELETE, TRUNCATE, REFERENCES, TRIGGER, and CREATE
Summary
This section describes additional privileges in PostgreSQL. INSERT allows adding rows to tables/views, optionally restricted to specific columns, and using COPY FROM. UPDATE permits modifying columns in tables/views, often requiring SELECT privilege for determining rows and computing new values; it is also needed for SELECT ... FOR UPDATE and SELECT ... FOR SHARE. DELETE allows removing rows, also usually requiring SELECT. TRUNCATE allows using the TRUNCATE command on a table. REFERENCES permits creating foreign key constraints. TRIGGER allows creating triggers. CREATE, for databases, allows creating new schemas and publications, and installing trusted extensions; for schemas, it permits creating new objects; for tablespaces, it allows creating tables, indexes, and temporary files.