From: | Craig Ringer <ringerc(at)ringerc(dot)id(dot)au> |
---|---|
To: | PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Raise a WARNING if a REVOKE affects nothing? |
Date: | 2012-08-21 06:31:29 |
Message-ID: | 50332B41.3080906@ringerc.id.au |
Lists: | pgsql-hackers |

Hi all

I'm seeing lots of confusion from people about why:

    REVOKE CONNECT ON DATABASE foo FROM someuser;

doesn't stop them connecting. Users seem to struggle to understand that:

- There's a default GRANT to public; and
- REVOKE removes existing permissions, it doesn't add deny rules

It'd really help if REVOKE consistently raised warnings when it didn't actually revoke anything.

Even better, a special case for REVOKEs on objects that only have owner and public permissions could say:

    WARNING: REVOKE didn't remove any permissions for user <blah>. This
    <table/db/whatever> has default permissions, so there were no GRANTs
    for user <blah> to revoke. See the documentation for REVOKE for more
    information.

Opinions?

--
Craig Ringer
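
The behaviour described in the message above, as an added example that is not part of the original email: an audit of who actually holds privileges on the database, followed by the revoke-from-PUBLIC form that does take effect. The role `app_users` is hypothetical, `foo` and `someuser` are the names from the message, and the `LATERAL` join assumes PostgreSQL 9.3 or later.

```sql
-- Added example. foo and someuser come from the message; app_users is a
-- hypothetical group role for the accounts that should be able to connect.

-- 1. List the effective ACL of the database. A NULL datacl means the
--    built-in defaults are still in force, so substitute acldefault().
--    Grantee OID 0 is PUBLIC.
SELECT d.datname,
       CASE WHEN a.grantee = 0 THEN 'PUBLIC'
            ELSE pg_get_userbyid(a.grantee) END AS grantee,
       a.privilege_type
FROM pg_database AS d
CROSS JOIN LATERAL
     aclexplode(coalesce(d.datacl, acldefault('d', d.datdba))) AS a
WHERE d.datname = 'foo'
ORDER BY grantee, a.privilege_type;

-- 2. The statement from the message. It can only remove a grant made
--    directly to someuser; with default permissions no such grant exists,
--    so the command completes without changing who can connect.
REVOKE CONNECT ON DATABASE foo FROM someuser;

-- 3. Check the effective privilege rather than trusting the REVOKE.
--    This resolves grants held through PUBLIC and through role membership.
SELECT has_database_privilege('someuser', 'foo', 'CONNECT') AS can_connect;

-- 4. Remove the default grant, then grant CONNECT back only to the
--    roles that need it. Done in one transaction so no legitimate role
--    is left without access between the two statements.
BEGIN;
REVOKE CONNECT ON DATABASE foo FROM PUBLIC;
GRANT CONNECT ON DATABASE foo TO app_users;
COMMIT;

-- 5. Re-run the check from step 3. The privilege is now gone unless
--    someuser is a superuser, owns the database, or is a member of
--    app_users.
SELECT has_database_privilege('someuser', 'foo', 'CONNECT') AS can_connect;
```

Running the step 1 query before and after step 4 shows the PUBLIC row for CONNECT disappearing, which is the change the original REVOKE never made.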