Thanks for Your answer.
Works as designed - I have to get used.
Please notice the return message from REVOKE ALL command:
myDatabase=# REVOKE ALL("Column1") ON public."tblTest" FROM public;
myDatabase=# \dp public."tblTest"
Schema | Name | Type | Access privileges | Column access
public | tblTest | table | postgres=arwdDxt/postgres +| Column1:
| | | otherUser=ar*wdxt/postgres | =r/otherUser
return message is REVOKE, but privileges are not really revoked ? there should be at least warning message generated. REVOKE...CASCADE works fine.
AFAIK SQL Standard defines GRANTED BY. I haven't found it in PosgtreSQL documentation, so assume it is not implemented. I think it is good idea to imlement it, this could help in that case.
--- Oryginalna wiadomo?? ---
Od: Tom Lane [mailto: tgl(at)sss(dot)pgh(dot)pa(dot)us]
Wys?ane: Tuesday, January 31, 2012 03:03 AM
Temat: Re: [BUGS] BUG #6421: Revoke column level privilage
> Cannot revoke column level privilages.
AFAICS this is not a bug, and it's certainly not specific to
column-level privileges. You had "postgres" grant some privileges to
"otherUser" with grant option, and then had "otherUser" re-grant those
privileges to public. "postgres" cannot revoke the re-grant directly.
You can have it revoke "otherUser"'s grant option. (I think this will
require the CASCADE keyword if there are dependent privileges that
have to be revoked in consequence.) Or you can log in as "otherUser"
and revoke the privilege grants made by that role. This is per design
and AFAIK it's per the SQL standard's requirements.
There's a lot of fine print in the Notes sections of the GRANT and
REVOKE reference pages, which you might find helpful.
regards, tom lane
pgsql-bugs by date
|Next:||From: keith||Date: 2012-02-01 21:50:45|
|Subject: BUG #6428: pg_restore -l not consistent with function comments|
|Previous:||From: Tom Lane||Date: 2012-02-01 21:48:35|
|Subject: Re: BUG #6426: Complex query runs 10 times longer with "LIMIT 20" |