That sounds like a good change to me. -- Darren Duncan
Craig Ringer wrote:
> Hi all
>
> I'm seeing lots of confusion from people about why:
>
> REVOKE CONNECT ON DATABASE foo FROM someuser;
>
> doesn't stop them connecting. Users seem to struggle to understand that:
>
> - There's a default GRANT to public; and
> - REVOKE removes existing permissions, it doesn't add deny rules
>
> It'd really help if REVOKE consistently raised warnings when it didn't
> actually revoke anything.
>
> Even better, a special case for REVOKEs on objects that only have owner
> and public permissions could say:
>
> WARNING: REVOKE didn't remove any permissions for user <blah>. This
> <table/db/whatever>
> has default permissions, so there were no GRANTs for user <blah> to
> revoke. See the documentation
> for REVOKE for more information.
>
>
> Opinions?
>
>
> --
> Craig Ringer
>
>