Henk van Lingen <henkvl@cs.uu.nl> writes:
> Isn't ...../postgresql/doc/html/sql-revoke.html a bit misguiding
> saying:
> PUBLIC
> Rescind the specified privilege(s) for all users.
You're right, that's easily misread. I've added some wording to try
to clarify:
<para>
<command>REVOKE</command> allows the creator of an object to revoke
previously granted permissions from one or more users or groups of users.
The key word <literal>PUBLIC</literal> refers to the implicitly defined
group of all users.
</para>
<para>
Note that any particular user will have the sum
of privileges granted directly to him, privileges granted to any group he
is presently a member of, and privileges granted to
<literal>PUBLIC</literal>. Thus, for example, revoking SELECT privilege
from <literal>PUBLIC</literal> does not necessarily mean that all users
have lost SELECT privilege on the object: those who have it granted
directly or via a group will still have it.
</para>
> Anyways, thanx, i'll look for another way to revoke all permissions.
I'm afraid you have to do it retail: if you GRANTed anything to user
joe, you have to REVOKE FROM joe. There's no easy shortcut.
Well ... hmm ... it would probably work to do
UPDATE pg_class SET relacl = NULL WHERE relname = 'mytable';
which should revert the permissions on mytable to the default state.
Pretty ugly though, and not guaranteed to work the same in future releases.
regards, tom lane