Thread: document deviation from standard on REVOKE ROLE

document deviation from standard on REVOKE ROLE

From: John Naylor
This is the other doc fix as suggested in 
https://www.postgresql.org/message-id/20201027220555.GS4951%40momjian.us

There is already a compatibility section, so put there.
-- 
John Naylor
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company 

Re: document deviation from standard on REVOKE ROLE

From: Bruce Momjian
On Fri, Oct 30, 2020 at 02:03:48PM -0400, John Naylor wrote:
> This is the other doc fix as suggested in 
> https://www.postgresql.org/message-id/20201027220555.GS4951%40momjian.us
> 
> There is already a compatibility section, so put there.
> -- 
> John Naylor
> EnterpriseDB: http://www.enterprisedb.com
> The Enterprise PostgreSQL Company 

> diff --git a/doc/src/sgml/ref/revoke.sgml b/doc/src/sgml/ref/revoke.sgml
> index 35ff87a4f5..c8d5be92db 100644
> --- a/doc/src/sgml/ref/revoke.sgml
> +++ b/doc/src/sgml/ref/revoke.sgml
> @@ -298,6 +298,12 @@ REVOKE admins FROM joe;
>      is required according to the standard, but <productname>PostgreSQL</productname>
>      assumes <literal>RESTRICT</literal> by default.
>     </para>
> +
> +   <para>
> +    In the SQL standard, <command>REVOKE</command> only revokes the privilege
> +    as granted by the invoking role. In <productname>PostgreSQL</productname>,
> +    this will also revoke privileges granted by other roles.
> +   </para>
>   </refsect1>
>  
>   <refsect1>
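
Review bot: The added paragraph does not say which form of REVOKE it covers. It speaks of "the privilege" in general, while the thread subject is REVOKE ROLE and the hunk sits directly below the `REVOKE admins FROM joe;` example. If the deviation is meant only for revoking role membership, say so explicitly (for example "when revoking membership in a role"), so it cannot be read as a statement about object privileges such as SELECT on a table. The "this" that opens the last sentence also has no clear antecedent; name the command, and state whether "privileges granted by other roles" means grants of the same privilege to the same grantee by a different grantor.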

John, should this 2020 patch still be applied?


-- 
  Bruce Momjian  <bruce@momjian.us>        https://momjian.us
  EDB                                      https://enterprisedb.com

  Only you can decide what is important to you.



Re: document deviation from standard on REVOKE ROLE

From: Tom Lane
Bruce Momjian <bruce@momjian.us> writes:
> On Fri, Oct 30, 2020 at 02:03:48PM -0400, John Naylor wrote:
>> +    In the SQL standard, <command>REVOKE</command> only revokes the privilege
>> +    as granted by the invoking role. In <productname>PostgreSQL</productname>,
>> +    this will also revoke privileges granted by other roles.

> John, should this 2020 patch still be applied?

[ raised eyebrow... ]  I do not think that was ever true as written,
and it's demonstrably not true now.

regression=# create user alice;
CREATE ROLE
regression=# create user bob;
CREATE ROLE
regression=# create table subject (id int);
CREATE TABLE
regression=# grant select on table subject to alice with grant option;
GRANT
regression=# grant select on table subject to bob with grant option;
GRANT
regression=# \c - alice
You are now connected to database "regression" as user "alice".
regression=> grant select on table subject to public;
GRANT
regression=> \c - bob
You are now connected to database "regression" as user "bob".
regression=> grant select on table subject to public;
GRANT
regression=> \dp subject
                                  Access privileges
 Schema |  Name   | Type  |     Access privileges     | Column privileges | Policies
--------+---------+-------+---------------------------+-------------------+----------
 public | subject | table | postgres=arwdDxt/postgres+|                   |
        |         |       | alice=r*/postgres        +|                   |
        |         |       | bob=r*/postgres          +|                   |
        |         |       | =r/alice                 +|                   |
        |         |       | =r/bob                    |                   |
(1 row)

regression=> revoke select on table subject from public;
REVOKE
regression=> \dp subject
                                  Access privileges
 Schema |  Name   | Type  |     Access privileges     | Column privileges | Policies
--------+---------+-------+---------------------------+-------------------+----------
 public | subject | table | postgres=arwdDxt/postgres+|                   |
        |         |       | alice=r*/postgres        +|                   |
        |         |       | bob=r*/postgres          +|                   |
        |         |       | =r/alice                  |                   |
(1 row)

Maybe there's some related point that needs to be made,
but not that one.

            regards, tom lane
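
An added example, not part of the original message: an audit query that lists each grant to PUBLIC on the session's `subject` table together with its grantor, which is how to spot access that outlives a REVOKE issued by a different role. It assumes the `alice`, `bob` and `subject` objects created above and a session running as the table owner; the final statement is one possible cleanup, not something proposed in the thread.

```sql
-- Added example (not from the thread): expand the table's ACL into one
-- row per (grantor, grantee, privilege) so that every grantor is visible.
SELECT c.oid::regclass                    AS relation,
       CASE WHEN a.grantee = 0 THEN 'PUBLIC'
            ELSE pg_get_userbyid(a.grantee)
       END                                AS grantee,
       pg_get_userbyid(a.grantor)         AS grantor,
       a.privilege_type,
       a.is_grantable
FROM   pg_class AS c
       CROSS JOIN LATERAL aclexplode(c.relacl) AS a
WHERE  c.oid = 'public.subject'::regclass   -- table from the session above
  AND  a.grantee = 0                        -- OID 0 stands for PUBLIC
ORDER  BY grantor, a.privilege_type;

-- A REVOKE removes only the entry whose grantor is the role that ran it,
-- so any row still listed here is a grant that someone else made.
-- Assumed cleanup, run as the table owner: taking away alice's grant
-- option with CASCADE also removes the grants that depended on it,
-- while alice keeps her own SELECT privilege.
REVOKE GRANT OPTION FOR SELECT ON TABLE subject FROM alice CASCADE;
```

Re-running the SELECT after the cleanup shows whether any grant to PUBLIC is left on the table.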



Re: document deviation from standard on REVOKE ROLE

From: Bruce Momjian
On Wed, Nov  1, 2023 at 07:49:25PM -0400, Tom Lane wrote:
> Bruce Momjian <bruce@momjian.us> writes:
> > On Fri, Oct 30, 2020 at 02:03:48PM -0400, John Naylor wrote:
> >> +    In the SQL standard, <command>REVOKE</command> only revokes the privilege
> >> +    as granted by the invoking role. In <productname>PostgreSQL</productname>,
> >> +    this will also revoke privileges granted by other roles.
> 
> > John, should this 2020 patch still be applied?
> 
> [ raised eyebrow... ]  I do not think that was ever true as written,
> and it's demonstrably not true now.
..
> Maybe there's some related point that needs to be made,
> but not that one.

Cool, thanks, closed!

-- 
  Bruce Momjian  <bruce@momjian.us>        https://momjian.us
  EDB                                      https://enterprisedb.com

  Only you can decide what is important to you.