Document that REVOKE doesn't remove all permissions if PUBLIC has permissions.

author: Bruce Momjian <bruce@momjian.us> 2008-03-03 19:17:27 +0000
committer: Bruce Momjian <bruce@momjian.us> 2008-03-03 19:17:27 +0000
commit: 17405109d441ac1610c712ff6d14153c5fbdf205 (patch)
tree: 5cb373fe1f2f4f58ae97edf2b52fdcfe4574e37d
parent: efa67833bbfde45f8e4bbe699a4d38837261a118 (diff)
1 files changed, 5 insertions, 2 deletions
diff --git a/doc/src/sgml/ref/revoke.sgml b/doc/src/sgml/ref/revoke.sgml
index ec70bc37a15..190300d5339 100644
--- a/doc/src/sgml/ref/revoke.sgml
+++ b/doc/src/sgml/ref/revoke.sgml
@@ -1,5 +1,5 @@
 <!--
-$PostgreSQL: pgsql/doc/src/sgml/ref/revoke.sgml,v 1.46 2007/10/30 19:43:30 tgl Exp $
+$PostgreSQL: pgsql/doc/src/sgml/ref/revoke.sgml,v 1.47 2008/03/03 19:17:27 momjian Exp $
 PostgreSQL documentation
 -->
 
@@ -92,7 +92,10 @@ REVOKE [ ADMIN OPTION FOR ]
    <literal>PUBLIC</literal>.  Thus, for example, revoking <literal>SELECT</> privilege
    from <literal>PUBLIC</literal> does not necessarily mean that all roles
    have lost <literal>SELECT</> privilege on the object: those who have it granted
-   directly or via another role will still have it.
+   directly or via another role will still have it.  Similarly, revoking
+   <literal>SELECT</> from a user might not prevent that user from using
+   <literal>SELECT</> if <literal>PUBLIC</literal> or another membership
+   role still has <literal>SELECT</> rights.
   </para>
 
   <para>
author	Bruce Momjian <bruce@momjian.us>	2008-03-03 19:17:27 +0000
committer	Bruce Momjian <bruce@momjian.us>	2008-03-03 19:17:27 +0000
commit	17405109d441ac1610c712ff6d14153c5fbdf205 (patch)
tree	5cb373fe1f2f4f58ae97edf2b52fdcfe4574e37d
parent	efa67833bbfde45f8e4bbe699a4d38837261a118 (diff)