Tom Lane wrote: > Jeff Davis <[EMAIL PROTECTED]> writes: > > Would it be reasonable to throw a warning if you revoke a privilege from > > some role, and that role inherits the privilege from some other role (or > > PUBLIC)? > > This has been suggested and rejected before --- the consensus is it'd > be too noisy. > > Possibly the REVOKE manual page could be modified to throw more stress > on the point.
Agreed, patch attached and applied. -- Bruce Momjian <[EMAIL PROTECTED]> http://momjian.us EnterpriseDB http://postgres.enterprisedb.com + If your life is a hard drive, Christ can be your backup. +
Index: doc/src/sgml/ref/revoke.sgml =================================================================== RCS file: /cvsroot/pgsql/doc/src/sgml/ref/revoke.sgml,v retrieving revision 1.46 diff -c -c -r1.46 revoke.sgml *** doc/src/sgml/ref/revoke.sgml 30 Oct 2007 19:43:30 -0000 1.46 --- doc/src/sgml/ref/revoke.sgml 3 Mar 2008 19:16:38 -0000 *************** *** 92,98 **** <literal>PUBLIC</literal>. Thus, for example, revoking <literal>SELECT</> privilege from <literal>PUBLIC</literal> does not necessarily mean that all roles have lost <literal>SELECT</> privilege on the object: those who have it granted ! directly or via another role will still have it. </para> <para> --- 92,101 ---- <literal>PUBLIC</literal>. Thus, for example, revoking <literal>SELECT</> privilege from <literal>PUBLIC</literal> does not necessarily mean that all roles have lost <literal>SELECT</> privilege on the object: those who have it granted ! directly or via another role will still have it. Similarly, revoking ! <literal>SELECT</> from a user might not prevent that user from using ! <literal>SELECT</> if <literal>PUBLIC</literal> or another membership ! role still has <literal>SELECT</> rights. </para> <para>
-- Sent via pgsql-patches mailing list (pgsql-patches@postgresql.org) To make changes to your Subscription: http://mail.postgresql.org/mj/mj_wwwusr?domain=postgresql.org&extra=pgsql-patches