* Tom Lane (tgl@sss.pgh.pa.us) wrote:
> This is looking a bit messy. Maybe for GRANT/REVOKE, we have to insist
> that privileges do not inherit, you have to actually be SET ROLE'd to
> whatever role has the authority to do the grant. I haven't figured out
> how the SQL spec avoids this problem, considering that they do have the
> concept of rights inheriting for roles.
There is 'revoke update on t1 from u3 granted by u2;' syntax in the
SQL 2003 specification. It doesn't look like we support that syntax
(looking at 8.0.3 anyway)- would that solve the problem if we did?
From your example, u1 couldn't revoke it because u1 couldn't become u2,
and we don't support syntax for saying "revoke this priviledge which was
granted by someone else", but the SQL spec has that syntax and if we did
then I think we'd allow the owner to use it.
Does that help?
Thanks,
Stephen