Dear Tom,
> section 11.37 <revoke statement> says
>
> 8) For every combination of <grantee> and <action> on O specified
> in <privileges>, if there is no corresponding privilege de-
> scriptor in the set of identified privilege descriptors, then a
> completion condition is raised: warning-privilege not revoked.
>
> 9) If ALL PRIVILEGES was specified, then for each <grantee>, if
> no privilege descriptors were identified, then a completion
> condition is raised: warning-privilege not revoked.
This is exactly "General Rule 17 a) and b)" in SQL99/2003.
> which seems parallel to the GRANT case: warning, but no error.
I do not understand it that way.
(1) I think that the "General Rules" apply ONLY IF the "Access Rules" are
already fulfilled, that is I MUST have the grant option of the rights
before going there?!
(2) thus what I understand from the above extract is that if I revoke a
right that was not granted before, then I must issue a warning. Fine.
This is different from trying to revoke a right without having the
grant option, what is still an error because it should violate access
rules, IMHO.
However I think that the above warning would is useful, because it tells
you that something maybe get wrong in a REVOKE.
Only the empty case (GRANT ALL... although I have nothing grantable)
would "only" result in a warning, as It does not violates the access
rules directly, so the general rules would apply on an empty set.
--
Fabien Coelho - coelho@cri.ensmp.fr
