On 07.03.22 19:18, Robert Haas wrote:
>> That all said, permissions SHOULD BE strictly additive. If boss doesn't want to be a member of pg_read_all_files
allowingthem to revoke themself from that role seems like it should be acceptable. If there is fear in allowing
someoneto revoke (not add) themselves as a member of a different role that suggests we have a design issue in another
featureof the system. Today, they neither grant nor revoke, and the self-revocation doesn't seem that important to
add.
> I disagree with this on principle, and I also think that's not how it
> works today. On the general principle, I do not see a compelling
> reason why we should have two systems for maintaining groups of users,
> one of which is used for additive things and one of which is used for
> subtractive things.
Do we have subtractive permissions today?