Re: Raise a WARNING if a REVOKE affects nothing?

From: "David Johnston" <polobo(at)yahoo(dot)com>
To: "'Noah Misch'" <noah(at)leadboat(dot)com>, "'Craig Ringer'" <ringerc(at)ringerc(dot)id(dot)au>
Cc: "'PostgreSQL Hackers'" <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Raise a WARNING if a REVOKE affects nothing?
Date: 2012-10-02 19:15:49
Message-ID: 017801cda0d2$553a1aa0$ffae4fe0$@yahoo.com
Lists: pgsql-hackers

> -----Original Message-----
> From: pgsql-hackers-owner(at)postgresql(dot)org [mailto:pgsql-hackers-
> owner(at)postgresql(dot)org] On Behalf Of Noah Misch
> Sent: Tuesday, October 02, 2012 3:02 PM
> To: Craig Ringer
> Cc: PostgreSQL Hackers
> Subject: Re: [HACKERS] Raise a WARNING if a REVOKE affects nothing?
>
> On Tue, Aug 21, 2012 at 02:31:29PM +0800, Craig Ringer wrote:
> > It'd really help if REVOKE consistently raised warnings when it didn't
> > actually revoke anything.
>
> +1
>
> This will invite the same mixed feelings as the CREATE x IF NOT EXISTS
> notices, but I think it's worthwhile.
>
> > Even better, a special case for REVOKEs on objects that only have
> > owner and public permissions could say:
> >
> > WARNING: REVOKE didn't remove any permissions for user <blah>. This
> > <table/db/whatever> has default permissions, so there were no GRANTs
> > for user <blah> to revoke. See the documentation for REVOKE for more
> > information.
>
> The extra aid from saying those particular things is not clear to me.
>
> It might be overkill, but we could report any other roles indirectly
> conveying access to the named role.
>

Having been bitten by this myself I do see the value in such a warning. It
is not uncommon for someone using REVOKE to believe they are installing a
block instead of removing an allowance; especially as it interacts with
default permissions.

That said, and this is an off-the-cuff thought, the entire UI for
permissions, and its treatment in the documentation, seems to be fact
oriented. The system is well documented but actually getting up to speed to
learn and use it is still a matter of reading the documentation and figuring
out how everything fits together. I haven't given it that much thought but
I am curious if others are of the same opinion.

IOW, this proposal is an attempt to fix a symptom without addressing the
root cause.

Food for thought.

David J.
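
Added example, not part of the original message or of the PostgreSQL project's own material: a psql session sketch of the case discussed above, where a REVOKE aimed at one role removes nothing because the allowance comes from the default grant to PUBLIC. The role `app_user` and the function `audit_secret()` are constructed names, and the session assumes a role that may create roles and functions.

```sql
-- Constructed demo objects; everything is rolled back at the end.
BEGIN;

CREATE ROLE app_user NOLOGIN;                      -- hypothetical role
CREATE FUNCTION audit_secret() RETURNS text        -- hypothetical function
    LANGUAGE sql AS $$ SELECT 'sensitive'::text $$;

-- New functions carry a default EXECUTE grant to PUBLIC, and every role is
-- implicitly a member of PUBLIC. No grant was ever made to app_user itself,
-- so this statement has nothing to remove, and it completes without a warning.
REVOKE EXECUTE ON FUNCTION audit_secret() FROM app_user;

-- Check the effective privilege instead of trusting the command tag.
-- The PUBLIC grant is untouched, so it still conveys EXECUTE to app_user.
SELECT has_function_privilege('app_user', 'audit_secret()', 'EXECUTE')
       AS allowed_after_revoke_from_role;

-- The ACL shows where the allowance actually lives: an entry with an empty
-- grantee name (the part before '=') is the grant to PUBLIC.
SELECT proname, proacl FROM pg_proc WHERE proname = 'audit_secret';

-- Remove the allowance at its source, then grant only to the roles that
-- should keep access (none in this sketch).
REVOKE EXECUTE ON FUNCTION audit_secret() FROM PUBLIC;

SELECT has_function_privilege('app_user', 'audit_secret()', 'EXECUTE')
       AS allowed_after_revoke_from_public;

ROLLBACK;
```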
