Re: BUG #1150: grant options not properly checked

Dear Tom,

> section 11.37 <revoke statement> says
>
> 8) For every combination of <grantee> and <action> on O specified
> in <privileges>, if there is no corresponding privilege de-
> scriptor in the set of identified privilege descriptors, then a
> completion condition is raised: warning-privilege not revoked.
>
> 9) If ALL PRIVILEGES was specified, then for each <grantee>, if
> no privilege descriptors were identified, then a completion
> condition is raised: warning-privilege not revoked.

This is exactly "General Rule 17 a) and b)" in SQL99/2003.

> which seems parallel to the GRANT case: warning, but no error.

I do not understand it that way.

(1) I think that the "General Rules" apply ONLY IF the "Access Rules" are
already fulfilled, that is I MUST have the grant option of the rights
before going there?!

(2) thus what I understand from the above extract is that if I revoke a
right that was not granted before, then I must issue a warning. Fine.

This is different from trying to revoke a right without having the
grant option, what is still an error because it should violate access
rules, IMHO.

However I think that the above warning would is useful, because it tells
you that something maybe get wrong in a REVOKE.

Only the empty case (GRANT ALL... although I have nothing grantable)
would "only" result in a warning, as It does not violates the access
rules directly, so the general rules would apply on an empty set.

--
Fabien Coelho - coelho(at)cri(dot)ensmp(dot)fr