Home > mailing lists

Re: No warning for a no-op REVOKE - Mailing list pgsql-general

From	Christophe Pettus
Subject	Re: No warning for a no-op REVOKE
Date	March 25 17:37:45
Msg-id	DE7C1C13-7ED8-4815-B4B4-1ECE20C29C0C@thebuild.com Whole thread Raw
In response to	Re: No warning for a no-op REVOKE (Daniel Gustafsson <daniel@yesql.se>)
List	pgsql-general

Tree view

> On Mar 25, 2024, at 07:20, Daniel Gustafsson <daniel@yesql.se> wrote:
>
>> On 25 Mar 2024, at 15:09, Tom Lane <tgl@sss.pgh.pa.us> wrote:
>
>> My initial reaction is that we should warn only when the command
>> is a complete no-op, that is none of the mentioned privileges
>> matched.
>
> That's my gut reaction too,

I think that's fine.  The all-singing-all-dancing solution would be to warn if the role retains any of the mentioned
privilegesfor some other reason, as in: 

    WARNING: role "lowpriv" still has EXECUTE permission on "f()" via a grant to role "PUBLIC" by role "owner"

... but I suspect the implementation complexity there isn't trivial.

pgsql-general by date:

From: Daniel Gustafsson
Date: 25 March, 17:20:17
Subject: Re: No warning for a no-op REVOKE

From: Adrian Klaver
Date: 25 March, 18:09:35
Subject: Re: Query on Postgres SQL transaction

Re: No warning for a no-op REVOKE - Mailing list pgsql-general

Previous

Next