> On 25 Mar 2024, at 14:54, Christophe Pettus <x...@thebuild.com> wrote:
> 
> Right now, if you do a REVOKE that doesn't actually revoke anything, it works 
> silently.  This can be a bit of a foot-gun.  For example:
> 
>       CREATE FUNCTION f() RETURNS int as $$ SELECT 1; $$ LANGUAGE sql;
>       REVOKE EXECUTE ON FUNCTION f() FROM lowpriv;
> 
> Naively, it might be expected that `lowpriv` can't execute the function, but 
> unless default privileges have been changed, `lowpriv` still can under the 
> default grant of EXECUTE to PUBLIC.  Since there was no previous grant to 
> `lowpriv`, nothing actually changes in the ACL.  This bit a client recently.

That's indeed a potential foot-gun.

> Is it worth generating a warning in this case?

Or maybe a NOTICE?

--
Daniel Gustafsson
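
The behaviour discussed in this thread, as an added example that is not part of either message: a psql session that checks the effective privilege rather than trusting the silent REVOKE, then revokes from the grantee that actually holds it. It assumes a scratch database with unchanged default privileges, where the role `lowpriv` does not yet exist and the session may create roles; everything runs in a transaction that is rolled back.

```sql
-- Added example; run in a scratch database with unchanged default privileges.
BEGIN;

CREATE ROLE lowpriv;  -- role name from the message above, created for the demo
CREATE FUNCTION f() RETURNS int AS $$ SELECT 1; $$ LANGUAGE sql;

-- The statement from the message: it succeeds without a warning or notice.
REVOKE EXECUTE ON FUNCTION f() FROM lowpriv;

-- Check the effective privilege instead of relying on the REVOKE succeeding.
-- has_function_privilege() also counts privileges held through PUBLIC.
SELECT has_function_privilege('lowpriv', 'f()', 'EXECUTE') AS lowpriv_can_execute;

-- List who holds privileges on f(). A NULL proacl means the built-in
-- defaults apply, so fall back to acldefault(); grantee OID 0 is PUBLIC.
SELECT COALESCE(r.rolname, 'PUBLIC') AS grantee,
       a.privilege_type
FROM pg_proc AS p
CROSS JOIN LATERAL
     aclexplode(COALESCE(p.proacl, acldefault('f', p.proowner))) AS a
LEFT JOIN pg_roles AS r ON r.oid = a.grantee
WHERE p.oid = 'f()'::regprocedure;

-- Remove the grant that gives lowpriv access: the one to PUBLIC.
-- Any role that should keep access then needs an explicit GRANT.
REVOKE EXECUTE ON FUNCTION f() FROM PUBLIC;

-- Re-run the effective-privilege check after the revoke from PUBLIC.
SELECT has_function_privilege('lowpriv', 'f()', 'EXECUTE') AS lowpriv_can_execute;

-- For functions the current role creates later, stop granting EXECUTE
-- to PUBLIC by default.
ALTER DEFAULT PRIVILEGES REVOKE EXECUTE ON FUNCTIONS FROM PUBLIC;

ROLLBACK;  -- discard the demo role, function and default-privilege change
```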


