Re: Removing pg_auth_members.grantor (was Grantor name gets lost when grantor role dropped)

* Alvaro Herrera (alvherre(at)commandprompt(dot)com) wrote:
> Ah, here it is, 12.7 <revoke statement>. It says that if role revokes
> another role from a third role, it will only remove the privileges that
> were granted by him, not someone else.

Hmm. I'm not sure, but that may have been a case where it was generally
decided that the spec was somewhat braindead in this fashion (it seems
so in my personal view of this, honestly...). To issue a revoke and
have it not work would be kind of concerning. If we do end up following
this path we should emit a warning (at least...) if the user still has
the rights which are being revoked, even if through someone else.
Perhaps that also implies that tracking the grantor is unnecessary.

Thanks,

Stephen