"PostgreSQL Bugs List" <[EMAIL PROTECTED]> writes:
> When REVOKE is used on an object for which the current user does not have
> GRANT privilege, the operation fails but "REVOKE" is returned as if it had
> succeeded:
Looking at the code, this seems to be intentional, because the privilege
check is not made for revokes only for grants:
if (stmt->is_grant
&& !pg_class_ownercheck(relOid, GetUserId())
&& pg_class_aclcheck(relOid, GetUserId(),
ACL_GRANT_OPTION_FOR(privileges)) != ACLCHECK_OK)
aclcheck_error(ACLCHECK_NO_PRIV, ACL_KIND_CLASS, relvar->relname);
Peter, do you remember why you did it that way?
regards, tom lane
---------------------------(end of broadcast)---------------------------
TIP 6: Have you searched our list archives?
http://archives.postgresql.org
