Re: [HACKERS] new warning message

Tom Lane wrote:
> Jeff Davis <pgsql@j-davis.com> writes:
> > Would it be reasonable to throw a warning if you revoke a privilege from
> > some role, and that role inherits the privilege from some other role (or
> > PUBLIC)?
>
> This has been suggested and rejected before --- the consensus is it'd
> be too noisy.
>
> Possibly the REVOKE manual page could be modified to throw more stress
> on the point.

Agreed, patch attached and applied.

--
  Bruce Momjian  <bruce@momjian.us>        http://momjian.us
  EnterpriseDB                             http://postgres.enterprisedb.com

  + If your life is a hard drive, Christ can be your backup. +
Index: doc/src/sgml/ref/revoke.sgml
===================================================================
RCS file: /cvsroot/pgsql/doc/src/sgml/ref/revoke.sgml,v
retrieving revision 1.46
diff -c -c -r1.46 revoke.sgml
*** doc/src/sgml/ref/revoke.sgml    30 Oct 2007 19:43:30 -0000    1.46
--- doc/src/sgml/ref/revoke.sgml    3 Mar 2008 19:16:38 -0000
***************
*** 92,98 ****
     <literal>PUBLIC</literal>.  Thus, for example, revoking <literal>SELECT</> privilege
     from <literal>PUBLIC</literal> does not necessarily mean that all roles
     have lost <literal>SELECT</> privilege on the object: those who have it granted
!    directly or via another role will still have it.
    </para>

    <para>
--- 92,101 ----
     <literal>PUBLIC</literal>.  Thus, for example, revoking <literal>SELECT</> privilege
     from <literal>PUBLIC</literal> does not necessarily mean that all roles
     have lost <literal>SELECT</> privilege on the object: those who have it granted
!    directly or via another role will still have it.  Similarly, revoking
!    <literal>SELECT</> from a user might not prevent that user from using
!    <literal>SELECT</> if <literal>PUBLIC</literal> or another membership
!    role still has <literal>SELECT</> rights.
    </para>

    <para>