660 CHAPTER 29 SECURING POSTGRESQL Deleting Groups (Web hosting service)
660 CHAPTER 29 SECURING POSTGRESQL Deleting Groups To remove a group, we use the DROP GROUP command: DROP GROUP groupname DROP GROUP removes the named group, although any users contained within the group will remain. Note PostgreSQL 8.1 will introduce role support, based on the outline found in the SQL standards. Role support will further expand on the USER and GROUP feature set, and promises to be a powerful addition to the PostgreSQL toolset. In some scenarios, using roles will be preferred over the current user and group functions; however, the current user and group functions will remain, so don t be worried that you will have to adjust for a whole new set of commands right away. Still, you ll want to check out the online documentation once 8.1 is released. The GRANT and REVOKE Commands Once users have been created within the system, the task of adding or removing privileges requires use of the GRANTand REVOKE commands. Since privileges are set at the object level, this allows for a high level of granularity for each user in the database. In this section, we take a look at the GRANT and REVOKE commands in detail and walk through a number of examples demonstrating their usage. GRANT You use the GRANT command when you need to assign new privileges to a user or group of users. The privilege assignment is done on a per-object basis, and uses slightly different syntax depending on the object and privilege in question, but follows the same basic structure in all cases: GRANT privilege [, …] ON object [, …] TO {PUBLIC | GROUP groupname | username } [ WITH GRANT OPTION ] The privilege can be one or more privileges appropriate to the object in question. Likewise, the object can be one or more like objects to grant privileges on. The keyword PUBLIC signifies that all users will be granted the privileges. By default, only object owners and superusers can grant permissions on an object; however, the WITHGRANTOPTION passes on these privileges, so that the grantee can then grant said privileges upon others if desired. To better see how these commands come together, let s take a look at a few examples. In our first example, we want to add SELECT privileges on the table salaries to user howard: GRANT SELECT ON salaries TO howard; This is pretty straightforward. For a more complex example, let s say we want to add SELECT and INSERT privileges on the booksand games tables to both howardand robert and allow them to grant those privileges to others:
Check Tomcat Web Hosting services for best quality webspace to host your web application.