* Alvaro Herrera ([EMAIL PROTECTED]) wrote: > Ah, here it is, 12.7 <revoke statement>. It says that if role revokes > another role from a third role, it will only remove the privileges that > were granted by him, not someone else.
Hmm. I'm not sure, but that may have been a case where it was generally decided that the spec was somewhat braindead in this fashion (it seems so in my personal view of this, honestly...). To issue a revoke and have it not work would be kind of concerning. If we do end up following this path we should emit a warning (at least...) if the user still has the rights which are being revoked, even if through someone else. Perhaps that also implies that tracking the grantor is unnecessary. Thanks, Stephen
Description: Digital signature