Peter Eisentraut <peter_e@gmx.net> writes:
> Tom Lane writes:
>> nothing happens, because the revoke is implicitly assumed to mean
>> "revoke whatever privileges I granted", and Larry's superuser hasn't
>> granted any. The public privileges on language SQL were granted by
>> user postgres, and they remain in force. So the later CREATE FUNCTION
>> that the test expects to fail, succeeds.
>>
>> Is this a bug, or is it correct-per-spec behavior?
> It's correct.
After chewing on it further, I decided that the spec is unable to
provide any useful guidance, because it hasn't got the concept of
superuser. It is however clear that having superusers generate their
own grants to someone else's object is not within the privilege model of
the spec. I think the solution I applied this afternoon (pretend that
superusers are the object owner for GRANT/REVOKE purposes) is a
reasonable answer.
regards, tom lane
