Re: document deviation from standard on REVOKE ROLE
| От | Tom Lane |
|---|---|
| Тема | Re: document deviation from standard on REVOKE ROLE |
| Дата | |
| Msg-id | 2887769.1698882565@sss.pgh.pa.us обсуждение исходный текст |
| Ответ на | Re: document deviation from standard on REVOKE ROLE (Bruce Momjian <bruce@momjian.us>) |
| Ответы |
Re: document deviation from standard on REVOKE ROLE
|
| Список | pgsql-hackers |
Bruce Momjian <bruce@momjian.us> writes:
> On Fri, Oct 30, 2020 at 02:03:48PM -0400, John Naylor wrote:
>> + In the SQL standard, <command>REVOKE</command> only revokes the privilege
>> + as granted by the invoking role. In <productname>PostgreSQL</productname>,
>> + this will also revoke privileges granted by other roles.
> John, should this 2020 patch still be applied?
[ raised eyebrow... ] I do not think that was ever true as written,
and it's demonstrably not true now.
regression=# create user alice;
CREATE ROLE
regression=# create user bob;
CREATE ROLE
regression=# create table subject (id int);
CREATE TABLE
regression=# grant select on table subject to alice with grant option;
GRANT
regression=# grant select on table subject to bob with grant option;
GRANT
regression=# \c - alice
You are now connected to database "regression" as user "alice".
regression=> grant select on table subject to public;
GRANT
regression=> \c - bob
You are now connected to database "regression" as user "bob".
regression=> grant select on table subject to public;
GRANT
regression=> \dp subject
Access privileges
Schema | Name | Type | Access privileges | Column privileges | Policies
--------+---------+-------+---------------------------+-------------------+----------
public | subject | table | postgres=arwdDxt/postgres+| |
| | | alice=r*/postgres +| |
| | | bob=r*/postgres +| |
| | | =r/alice +| |
| | | =r/bob | |
(1 row)
regression=> revoke select on table subject from public;
REVOKE
regression=> \dp subject
Access privileges
Schema | Name | Type | Access privileges | Column privileges | Policies
--------+---------+-------+---------------------------+-------------------+----------
public | subject | table | postgres=arwdDxt/postgres+| |
| | | alice=r*/postgres +| |
| | | bob=r*/postgres +| |
| | | =r/alice | |
(1 row)
Maybe there's some related point that needs to be made,
but not that one.
regards, tom lane
В списке pgsql-hackers по дате отправления: