Dear Tom, > ... > Note that says WARNING, not ERROR. So I guess what we need to do is > narrow the privilege set and issue a warning message.
Yep. > I think this also bears on the question that was raised before about > whether REVOKE should raise an error if you don't have the right to > revoke the privileges you're listing. We don't, and based on this > I think we shouldn't --- but maybe we should issue a warning. There are two close but different issues. (1) REVOKE ALL ON SCHEMA foo FROM calvin; I agree with you that it looks it is allowed, as narrow would mean empty. I really think a warning is desirable in such a case... (2) REVOKE USAGE ON SCHEMA foo FROM calvin; Where USAGE (or any specific right) is not grantable by the issuer. While browsing the Access Rules of <revoke statement>... it is unclear. I guess maybe a "grantable" word is missing in my version of the standard, because otherwise I cannot really extract a semantics from access rule 1 case a in 12.7. Case b is much more explicit in my version for <revoke role statement>, you need a "WITH ADMIN OPTION". If my guess is correct and that an access rule is violated, then this case should result in an error. -- Fabien Coelho - [EMAIL PROTECTED] ---------------------------(end of broadcast)--------------------------- TIP 1: subscribe and unsubscribe commands go to [EMAIL PROTECTED]
