Re: BUG #1150: grant options not properly checked

From: Fabien COELHO <coelho(at)cri(dot)ensmp(dot)fr>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: pgsql-bugs(at)postgresql(dot)org, Peter Eisentraut <peter_e(at)gmx(dot)net>
Subject: Re: BUG #1150: grant options not properly checked
Date: 2004-05-11 16:20:34
Message-ID: Pine.LNX.4.58.0405111759500.21629@sablons.cri.ensmp.fr
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-bugs


Dear Tom,

> section 11.37 <revoke statement> says
>
> 8) For every combination of <grantee> and <action> on O specified
> in <privileges>, if there is no corresponding privilege de-
> scriptor in the set of identified privilege descriptors, then a
> completion condition is raised: warning-privilege not revoked.
>
> 9) If ALL PRIVILEGES was specified, then for each <grantee>, if
> no privilege descriptors were identified, then a completion
> condition is raised: warning-privilege not revoked.

This is exactly "General Rule 17 a) and b)" in SQL99/2003.

> which seems parallel to the GRANT case: warning, but no error.

I do not understand it that way.

(1) I think that the "General Rules" apply ONLY IF the "Access Rules" are
already fulfilled, that is I MUST have the grant option of the rights
before going there?!

(2) thus what I understand from the above extract is that if I revoke a
right that was not granted before, then I must issue a warning. Fine.

This is different from trying to revoke a right without having the
grant option, what is still an error because it should violate access
rules, IMHO.

However I think that the above warning would is useful, because it tells
you that something maybe get wrong in a REVOKE.

Only the empty case (GRANT ALL... although I have nothing grantable)
would "only" result in a warning, as It does not violates the access
rules directly, so the general rules would apply on an empty set.

--
Fabien Coelho - coelho(at)cri(dot)ensmp(dot)fr

In response to

Responses

Browse pgsql-bugs by date

  From Date Subject
Next Message Tom Lane 2004-05-11 19:32:04 Re: BUG #1150: grant options not properly checked
Previous Message Tom Lane 2004-05-11 15:57:46 Re: BUG #1150: grant options not properly checked