Participants
Nico Sabbi
Nico Sabbi
Alvaro Herrera
Alvaro Herrera
Tom Lane
Tom Lane
Attachments
Show all attachments
Thread Outline
#1Nico SabbiNico Sabbi
May 22, 2009
#2...#3
Tom LaneNico Sabbi
to Nico Sabbi (#1)
May 22, 2009
#2Tom LaneTom Laneto Nico Sabbi (#1)
May 22, 2009
#3Nico SabbiNico Sabbito Tom Lane (#2)
May 22, 2009
#4...#6
Alvaro HerreraNico Sabbi
to Nico Sabbi (#1)
May 22, 2009
#4Alvaro HerreraAlvaro Herrerato Nico Sabbi (#1)
May 22, 2009
#5Nico SabbiNico Sabbito Alvaro Herrera (#4)
May 29, 2009
#6Alvaro HerreraAlvaro Herrerato Nico Sabbi (#5)
May 29, 2009

I can't drop a user if I don't drop his grants beforehand??????????????????

Started by Nico Sabbialmost 17 years ago6 messagesgeneral
Jump to latest
#1Nico Sabbi
Nico Sabbi
nsabbi@officinedigitali.it

Hi,
i can't believe my eyes. Why on earth I can't drop a user without
previously revoking his privileges?
This is really _crazy_ in my opinion.

I'm not speaking of object ownership, but of GRANTs.
Why?

#2Tom Lane
Tom Lane
tgl@sss.pgh.pa.us
In reply to: Nico Sabbi (#1)
Re: I can't drop a user if I don't drop his grants beforehand??????????????????

Nico Sabbi <nsabbi@officinedigitali.it> writes:

i can't believe my eyes. Why on earth I can't drop a user without
previously revoking his privileges?

Yeah, it's a known limitation. The reason it's not implemented is that
some of the privileges may be in other databases besides the particular
one you're connected to, and the backend hasn't got any way to get at
those databases to remove the entries.

Maybe someday it'll get fixed, but don't hold your breath.

regards, tom lane

#3Nico Sabbi
Nico Sabbi
nsabbi@officinedigitali.it
In reply to: Tom Lane (#2)
Re: I can't drop a user if I don't drop his grants beforehand??????????????????

Tom Lane ha scritto:

Nico Sabbi <nsabbi@officinedigitali.it> writes:

i can't believe my eyes. Why on earth I can't drop a user without
previously revoking his privileges?

Yeah, it's a known limitation. The reason it's not implemented is that
some of the privileges may be in other databases besides the particular
one you're connected to, and the backend hasn't got any way to get at
those databases to remove the entries.

Maybe someday it'll get fixed, but don't hold your breath.

regards, tom lane

Thanks.
Unfortunately role_usage_grants is emtpy and usage_privileges doesn't
contain what I expected to find,
so I had to iterate over the distinct table_schema in
iformation_schema.tables to drop the schema_usage grants.

Nico

#4Alvaro Herrera
Alvaro Herrera
alvherre@2ndquadrant.com
In reply to: Nico Sabbi (#1)
Re: I can't drop a user if I don't drop his grants beforehand??????????????????

Nico Sabbi wrote:

Hi,
i can't believe my eyes. Why on earth I can't drop a user without
previously revoking his privileges?
This is really _crazy_ in my opinion.

I'm not speaking of object ownership, but of GRANTs.

As Tom says, it's a known limitation. Did you try REASSIGN OWNED and/or DROP
OWNED?

--
Alvaro Herrera http://www.CommandPrompt.com/
The PostgreSQL Company - Command Prompt, Inc.

#5Nico Sabbi
Nico Sabbi
nsabbi@officinedigitali.it
In reply to: Alvaro Herrera (#4)
Re: I can't drop a user if I don't drop his grants beforehand??????????????????

Alvaro Herrera ha scritto:

Nico Sabbi wrote:

Hi,
i can't believe my eyes. Why on earth I can't drop a user without
previously revoking his privileges?
This is really _crazy_ in my opinion.

I'm not speaking of object ownership, but of GRANTs.

As Tom says, it's a known limitation. Did you try REASSIGN OWNED and/or DROP
OWNED?

Hi,
sorry for the big delay.
No, I didn't because the tables weren't owned by the user I wanted to
drop, but by another one.

#6Alvaro Herrera
Alvaro Herrera
alvherre@2ndquadrant.com
In reply to: Nico Sabbi (#5)
Re: I can't drop a user if I don't drop his grants beforehand??????????????????

Nico Sabbi wrote:

Alvaro Herrera ha scritto:

I'm not speaking of object ownership, but of GRANTs.

As Tom says, it's a known limitation. Did you try REASSIGN OWNED and/or DROP
OWNED?

No, I didn't because the tables weren't owned by the user I wanted to
drop, but by another one.

DROP OWNED drops GRANTs too.

--
Alvaro Herrera http://www.CommandPrompt.com/
PostgreSQL Replication, Consulting, Custom Development, 24x7 support

← Back to Topics