DROP PRIVILEGES OWNED BY

On Mon, Dec 15, 2014 at 9:43 AM, Marko Tiikkaja <marko@joh.to> wrote:

Hi,

This week I had a problem where I wanted to drop only the privileges a
certain role had in the system, while keeping all the objects. I couldn't
figure out a reasonable way to do that, so I've attached a patch for this to
this email. Please consider it for inclusion into 9.5. The syntax is:

DROP PRIVILEGES OWNED BY role [, ...]

I at some point decided to implement it as a new command instead of changing
DropOwnedStmt, and I think that might have been a mistake. It might have
made more sense to instead teach DROP OWNED to accept a specification of
which things to drop. But the proposal is more important than such details,
I think.

You should consider adding it to the upcoming CF:
https://commitfest.postgresql.org/action/commitfest_view?id=25
Regards,
--
Michael

--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers

On 12/15/2014 02:43 AM, Marko Tiikkaja wrote:

This week I had a problem where I wanted to drop only the privileges a
certain role had in the system, while keeping all the objects. I
couldn't figure out a reasonable way to do that, so I've attached a
patch for this to this email. Please consider it for inclusion into
9.5. The syntax is:

DROP PRIVILEGES OWNED BY role [, ...]

I at some point decided to implement it as a new command instead of
changing DropOwnedStmt, and I think that might have been a mistake. It
might have made more sense to instead teach DROP OWNED to accept a
specification of which things to drop. But the proposal is more
important than such details, I think.

DROP seems like the wrong verb here. DROP is used for deleting objects,
while REVOKE is used for removing permissions from them. REVOKE already
has something similar:

REVOKE ALL PRIVILEGES ON ALL TABLES IN SCHEMA public FROM heikki;

Following that style, how about making the syntax:

REVOKE ALL PRIVILEGES ON ALL OBJECTS FROM <role>

or just:

REVOKE ALL PRIVILEGES FROM <role>;

- Heikki

--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers

On 12/17/14 5:37 PM, Heikki Linnakangas wrote:

On 12/15/2014 02:43 AM, Marko Tiikkaja wrote:

The syntax is:

DROP PRIVILEGES OWNED BY role [, ...]

DROP seems like the wrong verb here. DROP is used for deleting objects,
while REVOKE is used for removing permissions from them. REVOKE already
has something similar:

REVOKE ALL PRIVILEGES ON ALL TABLES IN SCHEMA public FROM heikki;

Following that style, how about making the syntax:

REVOKE ALL PRIVILEGES FROM <role>;

I don't have a problem with that. It would probably work, too, since
FROM is already fully reserved.

.marko

--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers

On Thu, Dec 18, 2014 at 1:43 AM, Marko Tiikkaja <marko@joh.to> wrote:

I don't have a problem with that. It would probably work, too, since FROM
is already fully reserved.

Marking patch as returned with feedback as there has been no input
from Marko in the last couple of weeks.
--
Michael

--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers