Thread: BUG #1114: REVOKE done by non-privileged user claims success
The following bug has been logged online:

Bug reference: 1114
Logged by: Oliver Elphick
Email address: olly@lfix.co.uk
PostgreSQL version: 7.4
Operating system: Debian Linux
Description: REVOKE done by non-privileged user claims success
Details:

When REVOKE is used on an object for which the current user does not have GRANT privilege, the operation fails but "REVOKE" is returned as if it had succeeded:

    $ psql -U fred template1
    template1=> revoke create on schema public from public;
    REVOKE

(NB: this web interface at http://www.postgresql.org/bugform.html could do with Pg version options for 7.3.6, 7.4.1 and 7.4.2).

"PostgreSQL Bugs List" <pgsql-bugs@postgresql.org> writes:
> When REVOKE is used on an object for which the current user does not have
> GRANT privilege, the operation fails but "REVOKE" is returned as if it had
> succeeded:

Looking at the code, this seems to be intentional, because the privilege check is not made for revokes only for grants:

    if (stmt->is_grant
        && !pg_class_ownercheck(relOid, GetUserId())
        && pg_class_aclcheck(relOid, GetUserId(),
                             ACL_GRANT_OPTION_FOR(privileges)) != ACLCHECK_OK)
        aclcheck_error(ACLCHECK_NO_PRIV, ACL_KIND_CLASS, relvar->relname);

Peter, do you remember why you did it that way?

regards, tom lane

Tom Lane wrote:
> Looking at the code, this seems to be intentional, because the
> privilege check is not made for revokes only for grants:

> Peter, do you remember why you did it that way?

I'm not really sure right now. It doesn't really make sense, does it? Certainly, the SQL standard requires a privilege check on revoke.
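
Added example, not part of the thread and not PostgreSQL source: a small C model of the condition quoted above, next to a variant that applies the same test to REVOKE as well. The `Relation` and `GrantStmt` types, the helper names and the owner name `postgres` are constructed for illustration; only the shape of the first condition follows the quoted code.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-ins: one owner and at most one grant-option holder. */
typedef struct { const char *owner; const char *grant_option_holder; } Relation;
typedef struct { bool is_grant; /* true = GRANT, false = REVOKE */ } GrantStmt;
typedef enum { PRIV_OK, PRIV_DENIED } PrivResult;

static bool is_owner(const Relation *r, const char *user) {
    return strcmp(r->owner, user) == 0;
}

static bool has_grant_option(const Relation *r, const char *user) {
    return r->grant_option_holder != NULL &&
           strcmp(r->grant_option_holder, user) == 0;
}

/* Same shape as the quoted condition: is_grant is tested first, so for a
 * REVOKE the && chain short-circuits and no privilege test ever runs. */
PrivResult check_grants_only(const GrantStmt *s, const Relation *r, const char *user) {
    if (s->is_grant && !is_owner(r, user) && !has_grant_option(r, user))
        return PRIV_DENIED;
    return PRIV_OK;
}

/* Hypothetical variant: the same test applied to GRANT and REVOKE alike. */
PrivResult check_grant_and_revoke(const GrantStmt *s, const Relation *r, const char *user) {
    (void)s; /* statement kind no longer decides whether the check runs */
    if (!is_owner(r, user) && !has_grant_option(r, user))
        return PRIV_DENIED;
    return PRIV_OK;
}

int main(void) {
    Relation rel = { "postgres", NULL };   /* constructed: fred holds nothing */
    GrantStmt revoke_stmt = { false };

    printf("grants-only check, REVOKE by fred: %s\n",
           check_grants_only(&revoke_stmt, &rel, "fred") == PRIV_OK
               ? "no error raised" : "denied");
    printf("grant+revoke check, REVOKE by fred: %s\n",
           check_grant_and_revoke(&revoke_stmt, &rel, "fred") == PRIV_OK
               ? "no error raised" : "denied");
    return 0;
}
```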