Re: [COMMITTERS] pgsql-server/src/backend/catalog aclchk.c

Peter Eisentraut <peter_e(at)gmx(dot)net> writes:
> Tom Lane writes:
>> But I wonder how this squares with the SQL spec...

> The root of this problem is that revoking privileges from the owner
> doesn't square with the SQL spec in the first place. Allowing having a
> grant option without the privilege is not a state that's supported by the
> SQL standard, but it just continues the practice we've always had.

[ digs in spec for awhile ] Okay, I think I see. The SQL92 spec
defines an owner's privileges (both plain and grant-option) as being
granted to him by the magic wizard role _SYSTEM. Since the owner isn't
_SYSTEM, he can't revoke any of his own privileges.

We've always allowed an owner to revoke his own ordinary privileges,
and this seems to be useful and problem-free even if the SQL spec's
worldview doesn't allow it. But we haven't allowed an owner to revoke
his own grant-option privileges, and since SQL92 doesn't either, there
is no reason we shouldn't backpedal at the first sign of trouble with
that feature.

Do any comparable issues arise for other users who've been granted
rights by the owner? Offhand I don't see any, but...

regards, tom lane