From: Bruce Momjian <bruce@momjian.us>
Date: Mon, 3 Mar 2008 19:17:27 +0000 (+0000)
Subject: Document that REVOKE doesn't remove all permissions if PUBLIC has permissions.
X-Git-Tag: REL8_4_BETA1~1920
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=17405109d441ac1610c712ff6d14153c5fbdf205;p=thirdparty%2Fpostgresql.git

Document that REVOKE doesn't remove all permissions if PUBLIC has permissions.
---

diff --git a/doc/src/sgml/ref/revoke.sgml b/doc/src/sgml/ref/revoke.sgml
index ec70bc37a15..190300d5339 100644
--- a/doc/src/sgml/ref/revoke.sgml
+++ b/doc/src/sgml/ref/revoke.sgml
@@ -1,5 +1,5 @@
 <!--
-$PostgreSQL: pgsql/doc/src/sgml/ref/revoke.sgml,v 1.46 2007/10/30 19:43:30 tgl Exp $
+$PostgreSQL: pgsql/doc/src/sgml/ref/revoke.sgml,v 1.47 2008/03/03 19:17:27 momjian Exp $
 PostgreSQL documentation
 -->
 
@@ -92,7 +92,10 @@ REVOKE [ ADMIN OPTION FOR ]
    <literal>PUBLIC</literal>.  Thus, for example, revoking <literal>SELECT</> privilege
    from <literal>PUBLIC</literal> does not necessarily mean that all roles
    have lost <literal>SELECT</> privilege on the object: those who have it granted
-   directly or via another role will still have it.
+   directly or via another role will still have it.  Similarly, revoking
+   <literal>SELECT</> from a user might not prevent that user from using
+   <literal>SELECT</> if <literal>PUBLIC</literal> or another membership
+   role still has <literal>SELECT</> rights.
   </para>
 
   <para>