Alvaro Herrera <alvherre(at)commandprompt(dot)com> writes:
> donniehan wrote:
>> I'm sorry to bother you. i really care about this behavior, but i couldn't find the discussions you mentioned in pgsql-hackers archives.
>> Would you please tell me more about the discussions(about date? the related issue?), so that i can search it and find it more easily?
> Maybe he's referring to this discussion:
No, it's a lot older than that. See
The original 7.4-devel behavior made it effectively impossible for a
superuser to *revoke* privileges, which is certainly not acceptable in
Looking at the CVS history of aclchk.c, I notice that we later installed
a similar provision with respect to roles: grants/revokes are done as
the role that owns the object, not as the role member that is actually
issuing the command. Otherwise other role members can't adjust the
This comes down to the fact that privileges granted on the same object
by two different roles are distinct, and you can only revoke the ones
you granted. Which AFAICT is required behavior per SQL spec.
regards, tom lane
In response to
pgsql-general by date
|Next:||From: Jaime Casanova||Date: 2009-12-28 15:38:41|
|Subject: Re: How to use read uncommitted transaction level and set update order|
|Previous:||From: fernando||Date: 2009-12-28 11:47:53|
|Subject: Re: Java Postgres drivers.|