As mentioned earlier in this section, access control lists apply to three types of database objects: tables, lists, and sequences.
For these objects, there are four general privileges which may be granted to, or revoked from, a user or
group. The ability to revoke rights exists only to undo the function of having granted them. Users and groups have no rights to begin with.
From the
psql
client, you can view ACL permission summaries by using the \z
slash command. This command displays all access permissions in the currently connected database. To see permissions on a specific
object, specify that object's name as a parameter to the \z command. You can use a regular
expression in place of a name to see privileges on a group of objects.
Table 10-2 lists each of the Access Control privileges available within PostgreSQL. Each
privilege also has an associated symbol, which appears as a single alphabetical character. These symbols are shorthand for the
described privilege, and are used by the
psql
\z slash command when
displaying summaries of access permissions.
Table 10-2. PostgreSQL ACL privileges
| Keyword |
Symbol |
Description |
|
SELECT
|
r
|
Allows a user to retrieve data from a table, view or sequence (though the
nextval() function may not be called with only
SELECT rights). Also known as "read" rights.
|
|
INSERT
|
a
|
Allows a user to insert new rows into a table. Also known as "append" rights.
|
|
UPDATE, DELETE
|
w
|
Allows a user to modify or remove rows of data from a table. If either the
UPDATE or DELETE right is granted, the other is
implicitly granted as well. Also known as "write" rights.
|
|
RULE
|
R
|
Allows a user to create a rewrite rule on a table or view.
|
|
ALL
|
arwR
|
Represents a shorthand way to grant or revoke all rights at once. ALL is not a right in and of itself.
Granting ALL results in the granting of SELECT, INSERT, UPDATE, DELETE, and RULE.
|
