postgresql

27th chunk of `doc/src/sgml/ddl.sgml`
 querying system catalogs.
       Also, after revoking this permission, existing sessions might have
       statements that have previously performed this lookup, so this is not
       a completely secure way to prevent object access.
      </para>
      <para>
       For sequences, allows use of the
       <function>currval</function> and <function>nextval</function> functions.
      </para>
      <para>
       For types and domains, allows use of the type or domain in the
       creation of tables, functions, and other schema objects.  (Note that
       this privilege does not control all <quote>usage</quote> of the
       type, such as values of the type appearing in queries.  It only
       prevents objects from being created that depend on the type.  The
       main purpose of this privilege is controlling which users can create
       dependencies on a type, which could prevent the owner from changing
       the type later.)
      </para>
      <para>
       For foreign-data wrappers, allows creation of new servers using the
       foreign-data wrapper.
      </para>
      <para>
       For foreign servers, allows creation of foreign tables using the
       server.  Grantees may also create, alter, or drop their own user
       mappings associated with that server.
      </para>
     </listitem>
    </varlistentry>

    <varlistentry id="ddl-priv-set">
     <term><literal>SET</literal></term>
     <listitem>
      <para>
       Allows a server configuration parameter to be set to a new value
       within the current session.  (While this privilege can be granted
       on any parameter, it is meaningless except for parameters that would
       normally require superuser privilege to set.)
      </para>
     </listitem>
    </varlistentry>

    <varlistentry id="ddl-priv-alter-system">
     <term><literal>ALTER SYSTEM</literal></term>
     <listitem>
      <para>
       Allows a server configuration parameter to be configured to a new
       value using the <xref linkend="sql-altersystem"/> command.
      </para>
     </listitem>
    </varlistentry>

   <varlistentry id="ddl-priv-maintain">
    <term><literal>MAINTAIN</literal></term>
    <listitem>
     <para>
      Allows <command>VACUUM</command>, <command>ANALYZE</command>,
      <command>CLUSTER</command>, <command>REFRESH MATERIALIZED VIEW</command>,
      <command>REINDEX</command>, and <command>LOCK TABLE</command> on a
      relation.
     </para>
    </listitem>
   </varlistentry>
  </variablelist>

   The privileges required by other commands are listed on the
   reference page of the respective command.
  </para>

  <para id="ddl-priv-default">
   PostgreSQL grants privileges on some types of objects to
   <literal>PUBLIC</literal> by default when the objects are created.
   No privileges are granted to <literal>PUBLIC</literal> by default on
   tables,
   table columns,
   sequences,
   foreign data wrappers,
   foreign servers,
   large objects,
   schemas,
   tablespaces,
   or configuration parameters.
   For other types of objects, the default privileges
   granted to <literal>PUBLIC</literal> are as follows:
   <literal>CONNECT</literal> and <literal>TEMPORARY</literal> (create
   temporary tables) privileges for databases;
   <literal>EXECUTE</literal> privilege for functions and procedures; and
   <literal>USAGE</literal> privilege for languages and data types
   (including domains).
   The object owner can, of course, <command>REVOKE</command>
   both default and expressly granted privileges. (For maximum
   security, issue the <command>REVOKE</command> in the same transaction that
   creates the object; then there is no window in which another user
   can use the object.)
   Also, these default privilege settings can be overridden using the
   <xref linkend="sql-alterdefaultprivileges"/> command.
  </para>
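An added example, not part of the PostgreSQL documentation, of the two mitigations the paragraph above names for the default <literal>EXECUTE</literal> grant on functions: revoking inside the creating transaction, and changing the default itself. The schema, role, table and function names are constructed for illustration.

```sql
-- Constructed fixtures: role app_reader, schema app, table app.accounts.
CREATE ROLE app_reader NOLOGIN;
CREATE SCHEMA app;
CREATE TABLE app.accounts (id integer PRIMARY KEY, balance numeric NOT NULL);

-- 1. Create and lock down in one transaction. Other sessions cannot see the
--    function until COMMIT, and by then PUBLIC's default EXECUTE is already gone.
BEGIN;
CREATE FUNCTION app.account_balance(acct integer) RETURNS numeric
    LANGUAGE sql STABLE
    SECURITY DEFINER                 -- runs with the owner's rights, so EXECUTE is the only gate
    SET search_path = app, pg_temp   -- pin name resolution for the definer-rights body
    AS $$ SELECT balance FROM app.accounts WHERE id = acct $$;
REVOKE EXECUTE ON FUNCTION app.account_balance(integer) FROM PUBLIC;
GRANT  EXECUTE ON FUNCTION app.account_balance(integer) TO app_reader;
COMMIT;

-- 2. Change the default for functions the current role creates from now on.
--    This has to be the global form: per-schema defaults (IN SCHEMA ...) are
--    added to the global defaults, so they cannot take away PUBLIC's EXECUTE.
ALTER DEFAULT PRIVILEGES REVOKE EXECUTE ON FUNCTIONS FROM PUBLIC;

-- Created after step 2, with no explicit REVOKE.
CREATE FUNCTION app.account_count() RETURNS bigint
    LANGUAGE sql STABLE
    AS $$ SELECT count(*) FROM app.accounts $$;

-- 3. Audit every function in the schema: who can execute it?
--    'public' as the role name refers to the PUBLIC pseudo-role.
SELECT p.oid::regprocedure                                      AS func,
       has_function_privilege('public'::name, p.oid, 'EXECUTE') AS public_can_execute,
       has_function_privilege('app_reader'::name, p.oid, 'EXECUTE') AS reader_can_execute
FROM pg_proc p
WHERE p.pronamespace = 'app'::regnamespace
ORDER BY p.proname;
```

The audit query in step 3 can be pointed at any schema to find functions created before the default was changed, since <command>ALTER DEFAULT PRIVILEGES</command> does not touch existing objects.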

  <para>
   <xref linkend="privilege-abbrevs-table"/> shows the one-letter
   abbreviations that are used for these privilege types in
   <firstterm><acronym>ACL</acronym></firstterm>

Title: PostgreSQL Privileges: USAGE (continued), SET, ALTER SYSTEM, MAINTAIN, and Default Privileges
Summary
This section describes more PostgreSQL privileges. USAGE allows creating foreign tables using a server, and creating/altering/dropping user mappings. SET allows setting server configuration parameters within a session. ALTER SYSTEM allows configuring server parameters using ALTER SYSTEM. MAINTAIN allows running VACUUM, ANALYZE, CLUSTER, REFRESH MATERIALIZED VIEW, REINDEX, and LOCK TABLE on a relation. PostgreSQL grants some privileges to PUBLIC by default, while others, like those on tables, sequences, and schemas, are not granted by default. Default privileges can be revoked or overridden using ALTER DEFAULT PRIVILEGES.