Alvaro Herrera <alvherre@commandprompt.com> writes:
> Gevik Babakhani wrote:
>> At this moment the owner of the database CAN REVOKE himself form the
>> ACL_OBJECT_DATABASE. If the implementation above is acceptable then I
>> can work on this one :)
> Hmm, what do you want to do about it? ISTM the owner should be able to
> revoke the privilege from himself ...
Agreed. You can revoke all your own ordinary privileges on a table,
for example, and it would be just weird to not be able to do so for
a database.
> (Maybe we could raise a WARNING
> whenever anyone revokes the last CONNECT privilege to a database, so
> that he can GRANT it to somebody before disconnecting.)
Since (a) you could connect to a different DB, eg template1, and restore
the privilege; and (b) superusers will get past this check anyhow,
I see no need for special pushups to prevent revoking CONNECT.
> Also I'm not sure if we have discussed what's the default (initial)
> privilege state. Do we want PUBLIC to have CONNECT privilege?
It must, else the behavior is not backwards compatible.
regards, tom lane