Privileges (ACL)


When an object is created, it is assigned an owner. The owner is normally the role that executed the creation statement. For most kinds of objects, the initial state is that only the owner (or a superuser) can do anything with the object. To allow other roles to use it, privileges must be granted. There are several different kinds of privilege: SELECT, INSERT, UPDATE, DELETE, TRUNCATE, REFERENCES, TRIGGER, CREATE, CONNECT, TEMPORARY, EXECUTE, and USAGE.

Use the ACL Manager to assign, modify and remove privileges on model objects.

Tip: ACL stands for "Access Control List". We use this term alongside the term "Privileges".

The special name PUBLIC can be used to grant a privilege to every role on the system.

The special privileges of an object's owner (i.e., the right to modify or destroy the object) are always implicit in being the owner, and cannot be granted or revoked. But the owner can choose to revoke his own ordinary privileges, for example to make a table read-only for himself as well as others.
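The following SQL session illustrates the rules above. It is an added example, not part of the original help page, and it assumes a PostgreSQL server and a superuser session; the role, schema and table names (`app_owner`, `report_reader`, `billing.invoices`) are constructed for illustration.

```sql
-- Run as a superuser. All names below are constructed for this example.
CREATE ROLE app_owner;
CREATE ROLE report_reader;
CREATE SCHEMA billing AUTHORIZATION app_owner;

-- The role that executes CREATE TABLE becomes the table's owner.
SET ROLE app_owner;
CREATE TABLE billing.invoices (id integer PRIMARY KEY, amount numeric NOT NULL);

-- Grant only what the reader needs: USAGE on the schema, SELECT on the table.
GRANT USAGE ON SCHEMA billing TO report_reader;
GRANT SELECT ON billing.invoices TO report_reader;

-- A grant to PUBLIC applies to every role, including ones created later.
GRANT SELECT ON billing.invoices TO PUBLIC;

-- Audit: list table privileges in this schema that are held by PUBLIC.
SELECT table_schema, table_name, privilege_type
FROM information_schema.table_privileges
WHERE grantee = 'PUBLIC' AND table_schema = 'billing';

-- Remove the PUBLIC grant; report_reader keeps its own explicit SELECT.
REVOKE SELECT ON billing.invoices FROM PUBLIC;

-- The owner revokes its own write privileges: read-only for itself as well.
REVOKE INSERT, UPDATE, DELETE, TRUNCATE ON billing.invoices FROM app_owner;

-- Effective privileges per role after the changes.
SELECT r.rolname, p.priv,
       has_table_privilege(r.rolname, 'billing.invoices', p.priv) AS allowed
FROM pg_roles r
CROSS JOIN (VALUES ('SELECT'), ('INSERT'), ('UPDATE'), ('DELETE')) AS p(priv)
WHERE r.rolname IN ('app_owner', 'report_reader')
ORDER BY r.rolname, p.priv;

-- Ownership rights are implicit: the owner can still grant a privilege back.
GRANT INSERT ON billing.invoices TO app_owner;

RESET ROLE;
```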

See also:
Diagram Objects: ACL Manager