Re: BUG #1150: grant options not properly checked

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Fabien COELHO <coelho(at)cri(dot)ensmp(dot)fr>
Cc: pgsql-bugs(at)postgresql(dot)org, Peter Eisentraut <peter_e(at)gmx(dot)net>
Subject: Re: BUG #1150: grant options not properly checked
Date: 2004-05-11 19:32:04
Message-ID: 12369.1084303924@sss.pgh.pa.us
Lists: pgsql-bugs

Fabien COELHO <coelho(at)cri(dot)ensmp(dot)fr> writes:
> I do not understand it that way.

> (1) I think that the "General Rules" apply ONLY IF the "Access Rules" are
> already fulfilled, that is I MUST have the grant option of the rights
> before going there?!

I looked at this more carefully. In both SQL92 and SQL99, the only
Access Rule for GRANT is

    1) The applicable privileges shall include a privilege identifying O.

Here "O" is the target object, and "applicable privileges" is all the
privileges held by the current user.

Now, that says "a privilege", not "the privilege to be granted", nor
even "a privilege with grant option". As near as I can tell, what the
spec wants is that GRANT should raise error if the issuing user has no
privileges at all for the target object, but as long as he has at least
one privilege bit, he gets past the Access Rule --- whether or not that
bit has anything to do with the privilege bits to be granted.

After that, you get to the General Rules, which pretty clearly say that
trying to grant privileges you don't have grant option for is just a
warning and not an error condition. (Such privileges will not be in the
set of "identified privilege descriptors".)

AFAICS the specification for REVOKE is exactly parallel.

So the existing code is still wrong, but not in quite the way we thought.

I'd be the first to say that this aspect of the spec is a tad bizarre.
Does anyone want to argue for ignoring the spec and implementing "saner"
behavior? It's not like we are super close to spec compliance for
privileges otherwise ...

regards, tom lane
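
The reading of the spec described in this message, modelled as an added example (not part of the original post and not PostgreSQL's code). The privilege bit names, `spec_grant` and its result struct are hypothetical, and the sample inputs are constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical privilege bits, constructed for this example. */
enum { P_SELECT = 1 << 0, P_INSERT = 1 << 1, P_UPDATE = 1 << 2, P_DELETE = 1 << 3 };

typedef enum { GRANT_OK, GRANT_WARNING, GRANT_ERROR } grant_status;

typedef struct {
    grant_status status;
    uint32_t granted;   /* requested bits that were actually granted */
    uint32_t skipped;   /* requested bits dropped for lack of grant option */
} grant_result;

/* held: privileges the issuing user holds on object O;
 * grantable: those held with grant option; requested: bits named in GRANT. */
grant_result spec_grant(uint32_t held, uint32_t grantable, uint32_t requested)
{
    grant_result r = { GRANT_OK, 0, 0 };

    /* Modelling assumption: a grant option only counts for a held privilege. */
    grantable &= held;

    /* Access Rule: "a privilege identifying O", i.e. any bit at all. */
    if (held == 0) {
        r.status = GRANT_ERROR;
        return r;
    }

    /* General Rules: only privileges held with grant option are identified;
     * anything else requested is a warning, not an error. */
    r.granted = requested & grantable;
    r.skipped = requested & ~grantable;
    if (r.skipped != 0)
        r.status = GRANT_WARNING;
    return r;
}

int main(void)
{
    /* Constructed case: the user holds only SELECT, without grant option,
     * and tries to grant UPDATE. The Access Rule passes; nothing is granted. */
    grant_result r = spec_grant(P_SELECT, 0, P_UPDATE);
    printf("status=%d granted=0x%x skipped=0x%x\n",
           (int)r.status, (unsigned)r.granted, (unsigned)r.skipped);
    return 0;
}
```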
