Re: Raise a WARNING if a REVOKE affects nothing?
| От | Darren Duncan |
|---|---|
| Тема | Re: Raise a WARNING if a REVOKE affects nothing? |
| Дата | |
| Msg-id | 50332EA8.9030708@darrenduncan.net обсуждение исходный текст |
| Ответ на | Raise a WARNING if a REVOKE affects nothing? (Craig Ringer <ringerc@ringerc.id.au>) |
| Список | pgsql-hackers |
That sounds like a good change to me. -- Darren Duncan Craig Ringer wrote: > Hi all > > I'm seeing lots of confusion from people about why: > > REVOKE CONNECT ON DATABASE foo FROM someuser; > > doesn't stop them connecting. Users seem to struggle to understand that: > > - There's a default GRANT to public; and > - REVOKE removes existing permissions, it doesn't add deny rules > > It'd really help if REVOKE consistently raised warnings when it didn't > actually revoke anything. > > Even better, a special case for REVOKEs on objects that only have owner > and public permissions could say: > > WARNING: REVOKE didn't remove any permissions for user <blah>. This > <table/db/whatever> > has default permissions, so there were no GRANTs for user <blah> to > revoke. See the documentation > for REVOKE for more information. > > > Opinions? > > > -- > Craig Ringer > >
В списке pgsql-hackers по дате отправления: