* Alvaro Herrera ([EMAIL PROTECTED]) wrote:
> Ah, here it is, 12.7 <revoke statement>.  It says that if role revokes
> another role from a third role, it will only remove the privileges that
> were granted by him, not someone else.

Hmm.  I'm not sure, but that may have been a case where it was generally
decided that the spec was somewhat braindead in this fashion (it seems
so in my personal view of this, honestly...).  To issue a revoke and
have it not work would be kind of concerning.  If we do end up following
this path we should emit a warning (at least...) if the user still has
the rights which are being revoked, even if through someone else.
Perhaps that also implies that tracking the grantor is unnecessary.



Attachment: signature.asc
Description: Digital signature

Reply via email to