Tom Lane wrote:
> Jeff Davis <pgsql@j-davis.com> writes:
> > Would it be reasonable to throw a warning if you revoke a privilege from
> > some role, and that role inherits the privilege from some other role (or
> > PUBLIC)?
>
> This has been suggested and rejected before --- the consensus is it'd
> be too noisy.
>
> Possibly the REVOKE manual page could be modified to throw more stress
> on the point.
Agreed, patch attached and applied.
--
Bruce Momjian <bruce@momjian.us> http://momjian.us
EnterpriseDB http://postgres.enterprisedb.com
+ If your life is a hard drive, Christ can be your backup. +
Index: doc/src/sgml/ref/revoke.sgml
===================================================================
RCS file: /cvsroot/pgsql/doc/src/sgml/ref/revoke.sgml,v
retrieving revision 1.46
diff -c -c -r1.46 revoke.sgml
*** doc/src/sgml/ref/revoke.sgml 30 Oct 2007 19:43:30 -0000 1.46
--- doc/src/sgml/ref/revoke.sgml 3 Mar 2008 19:16:38 -0000
***************
*** 92,98 ****
<literal>PUBLIC</literal>. Thus, for example, revoking <literal>SELECT</> privilege
from <literal>PUBLIC</literal> does not necessarily mean that all roles
have lost <literal>SELECT</> privilege on the object: those who have it granted
! directly or via another role will still have it.
</para>
<para>
--- 92,101 ----
<literal>PUBLIC</literal>. Thus, for example, revoking <literal>SELECT</> privilege
from <literal>PUBLIC</literal> does not necessarily mean that all roles
have lost <literal>SELECT</> privilege on the object: those who have it granted
! directly or via another role will still have it. Similarly, revoking
! <literal>SELECT</> from a user might not prevent that user from using
! <literal>SELECT</> if <literal>PUBLIC</literal> or another membership
! role still has <literal>SELECT</> rights.
</para>
<para>
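Review bot: The sentence added in the new version of the hunk (92,101) changes terminology mid-paragraph. The surrounding text speaks of "<literal>SELECT</> privilege", while the addition says "using <literal>SELECT</>" and "<literal>SELECT</> rights", and "another membership role" is ambiguous about which role is a member of which. Suggest wording along the lines of: revoking <literal>SELECT</> from a user might not remove that user's <literal>SELECT</> privilege if <literal>PUBLIC</literal> or a role the user is a member of still holds it. Since the thread's concern is that the REVOKE raises no warning in this case, the paragraph could also say so explicitly, so an administrator knows to verify the effective privilege rather than rely on the command having succeeded.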