Per my original email, we were calling the has_table_privilege function to revoke rather than simply revoking.
Thank you very much,
Sincerely,
Kasia
-----Original Message-----
From: Kevin Grittner [mailto:Kevin.Grittner@wicourts.gov]
Sent: Tuesday, August 10, 2010 1:00 PM
To: Kasia Tuszynska; Szymon Guz
Cc: pgsql-admin@postgresql.org
Subject: RE: [ADMIN] postgres function does not handle PUBLIC - expected?
Kasia Tuszynska <ktuszynska@esri.com> wrote:
> We found this issue because we can grant privs to public on a
> table, but could not revoke them.
Odd.
test=# create table t1 (c1 int primary key);
NOTICE: CREATE TABLE / PRIMARY KEY will create implicit index
"t1_pkey" for table "t1"
CREATE TABLE
test=# grant insert on t1 to public;
GRANT
test=# revoke insert on t1 from public;
REVOKE
test=# revoke update on t1 from public;
REVOKE
> If I did not "know" that public was there how
> would I check for it's existence on Postgres?
You would need to go to the documentation. Unfortunately, we don't
mention it on this page:
http://www.postgresql.org/docs/current/static/role-membership.html
As Andre pointed out, you can get a reasonable explanation on the
page describing the GRANT statement.
-Kevin