All,
To avoid confusion, I think we should add the following sentence to
http://www.postgresql.org/docs/current/static/sql-revoke.html:
Current para:
"Note that any particular role will have the sum of privileges granted
directly to it, privileges granted to any role it is presently a member
of, and privileges granted to PUBLIC. Thus, for example, revoking SELECT
privilege from PUBLIC does not necessarily mean that all roles have lost
SELECT privilege on the object: those who have it granted directly or
via another role will still have it. Similarly, revoking SELECT from a
user might not prevent that user from using SELECT if PUBLIC or another
membership role still has SELECT rights."
Suggested improvement:
"Note that any particular role will have the sum of privileges granted
directly to it, privileges granted to any role it is presently a member
of, and privileges granted to PUBLIC. Thus, for example, revoking SELECT
privilege from PUBLIC does not necessarily mean that all roles have lost
SELECT privilege on the object: those who have it granted directly or
via another role will still have it. Similarly, revoking SELECT from a
user might not prevent that user from using SELECT if PUBLIC or another
membership role still has SELECT rights. Similarly, if a role has been
GRANTed privileges on an entire table, REVOKEing the same privileges
from individual columns will have no effect."
A quick poll of #postgresql revealed that most users, even folks who
have been using Postgres for years, are unclear on how REVOKEing
privileges on columns is supposed to work.
--
Josh Berkus
PostgreSQL Experts Inc.
http://pgexperts.com