| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Henk van Lingen <henkvl(at)cs(dot)uu(dot)nl> |
| Cc: | pgsql-general(at)postgresql(dot)org |
| Subject: | Re: revoke all from public ? |
| Date: | 2001-11-19 19:09:14 |
| Message-ID: | 22258.1006196954@sss.pgh.pa.us |
| Lists: | pgsql-general |
Henk van Lingen <henkvl(at)cs(dot)uu(dot)nl> writes:
> Isn't ...../postgresql/doc/html/sql-revoke.html a bit misguiding
> saying:
> PUBLIC
> Rescind the specified privilege(s) for all users.

You're right, that's easily misread. I've added some wording to try
to clarify:

<para>
<command>REVOKE</command> allows the creator of an object to revoke
previously granted permissions from one or more users or groups of users.
The key word <literal>PUBLIC</literal> refers to the implicitly defined
group of all users.
</para>
<para>
Note that any particular user will have the sum
of privileges granted directly to him, privileges granted to any group he
is presently a member of, and privileges granted to
<literal>PUBLIC</literal>. Thus, for example, revoking SELECT privilege
from <literal>PUBLIC</literal> does not necessarily mean that all users
have lost SELECT privilege on the object: those who have it granted
directly or via a group will still have it.
</para>

> Anyways, thanx, i'll look for another way to revoke all permissions.

I'm afraid you have to do it retail: if you GRANTed anything to user
joe, you have to REVOKE FROM joe. There's no easy shortcut.

Well ... hmm ... it would probably work to do

    UPDATE pg_class SET relacl = NULL WHERE relname = 'mytable';

which should revert the permissions on mytable to the default state.
Pretty ugly though, and not guaranteed to work the same in future releases.
regards, tom lane
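
The behaviour described in the message, as an added example that is not part of the original e-mail: it shows that revoking from PUBLIC leaves direct and group grants in place, then lists the remaining grantees so each can be revoked individually. It assumes a current PostgreSQL release and a session allowed to create roles; `joe` and `mytable` come from the message, while `staff`, `ann` and `guest` are hypothetical names.

```sql
-- Added example, not from the original message. Runs in a transaction
-- and rolls back, so no roles or tables are left behind.
BEGIN;

CREATE ROLE joe;                    -- receives a direct grant
CREATE ROLE staff;                  -- hypothetical group role
CREATE ROLE ann IN ROLE staff;      -- hypothetical member of staff
CREATE ROLE guest;                  -- hypothetical role with no grants of its own
CREATE TABLE mytable (id integer);

GRANT SELECT ON mytable TO PUBLIC;
GRANT SELECT ON mytable TO joe;
GRANT SELECT ON mytable TO staff;

-- The step that is easily misread as "nobody can read the table now".
REVOKE ALL ON mytable FROM PUBLIC;

-- Effective privilege per role: the sum of direct, group and PUBLIC grants.
-- Only roles that relied on PUBLIC alone lose SELECT here.
SELECT r.rolname,
       has_table_privilege(r.rolname, 'mytable', 'SELECT') AS can_select
FROM pg_roles r
WHERE r.rolname IN ('joe', 'staff', 'ann', 'guest')
ORDER BY r.rolname;

-- "Retail" cleanup: one REVOKE per remaining grant, read from the
-- information schema rather than by writing to pg_class.relacl.
-- The owner's own privileges are skipped.
SELECT format('REVOKE %s ON %I.%I FROM %s;',
              p.privilege_type, p.table_schema, p.table_name,
              CASE WHEN p.grantee = 'PUBLIC' THEN 'PUBLIC'
                   ELSE quote_ident(p.grantee) END) AS revoke_statement
FROM information_schema.table_privileges p
JOIN pg_tables t
  ON t.schemaname = p.table_schema AND t.tablename = p.table_name
WHERE p.table_schema = current_schema()
  AND p.table_name = 'mytable'
  AND p.grantee <> t.tableowner
ORDER BY p.grantee, p.privilege_type;

ROLLBACK;
```

Run it as the table owner: `information_schema.table_privileges` only shows grants made by or to roles the current session has enabled, plus grants to PUBLIC.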