
Re: BUG #3319: Superuser can't revoke grants on a schema given by another user



I got a broader view of the whole picture and obviously my proposal that the superuser automatically revokes the privileges granted by all others does not make sense. So let me state the solutions I propose to the problem I'm facing:

(1) In the documentation for REVOKE, after the paragraph that begins with "A user can only revoke privileges that were granted directly by that user." add another paragraph similar to this:

"The rule stated in the previous paragraph is also valid for the superuser. The superuser can however issue SET ROLE commands to revoke the privileges granted by the desired users."

(2) In the documentation for REVOKE, state clearly that REVOKE will fail silently if the user issuing the command is not the grantor. Do so preferably near the bit about the superuser above.

(3) When issuing the command REVOKE <PRIV> ON <OBJ> FROM <USER>, issue a NOTICE or WARNING message when, after executing it, the user <USER> still has privilege <PRIV> on object <OBJ>.

(4) Add a GRANTED BY <USER> extension to the REVOKE command which allows revoking permissions given by other users, where <USER> can be ALL. Obviously it would be subject to other checks which could make it fail.

Of course 2 and 3 are mutually exclusive. Solution 1+2 is the simplest, as it only involves documentation. Solution 1+3 would be enough to avoid most surprises. Solution 1+3+4 would be ideal.
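The situation discussed in the message above, written out as an added example that is not part of the original post: a superuser session finds the grantor of a schema privilege in the ACL, revokes through SET ROLE, and verifies the result. The role names alice and bob and the schema name app are constructed for illustration, and the ACL query assumes a PostgreSQL version that provides aclexplode() and LATERAL.

```sql
-- Run as a superuser, who also becomes the owner of schema app.
-- alice, bob and app are constructed names for this example.
CREATE ROLE alice;
CREATE ROLE bob;
CREATE SCHEMA app;
GRANT USAGE ON SCHEMA app TO alice WITH GRANT OPTION;

-- alice passes the privilege on, so the ACL entry for bob records
-- alice as its grantor.
SET ROLE alice;
GRANT USAGE ON SCHEMA app TO bob;
RESET ROLE;

-- The superuser's REVOKE is not issued by the grantor; as the message
-- reports, it gives no error and the grant made by alice stays.
REVOKE USAGE ON SCHEMA app FROM bob;

-- Check the effective privilege instead of trusting the command tag.
SELECT has_schema_privilege('bob', 'app', 'USAGE') AS bob_still_has_usage;

-- List every ACL entry on the schema with its grantor, to learn
-- which role the REVOKE has to be issued as.
SELECT n.nspname                           AS schema_name,
       grantor.rolname                     AS grantor,
       COALESCE(grantee.rolname, 'PUBLIC') AS grantee,
       a.privilege_type,
       a.is_grantable
FROM pg_namespace AS n
CROSS JOIN LATERAL aclexplode(n.nspacl) AS a
JOIN pg_roles AS grantor ON grantor.oid = a.grantor
LEFT JOIN pg_roles AS grantee ON grantee.oid = a.grantee
WHERE n.nspname = 'app'
ORDER BY grantor, grantee, a.privilege_type;

-- Revoke as the grantor, then return to the superuser role.
SET ROLE alice;
REVOKE USAGE ON SCHEMA app FROM bob;
RESET ROLE;

-- Verify again; the entry granted by alice should now be gone.
SELECT has_schema_privilege('bob', 'app', 'USAGE') AS bob_still_has_usage;
```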


