> > Difficult to do, when those privileges might be recorded in
> > databases you're not even connected to at the time of the drop.
>=20
> I belive it would be pretty difficult, but leaving it "just like
> that" creates ssecurity breach (imagine someone droping user,
> beliving that everytinh is o.k.), than someone else creates
> different user but with keeping unused sysid (this might be the case
> with system users and keeping system user-id with database user-id
> the same) - which happens to be "not unused". i'm not sure if i'm
> clear about it.
Wouldn't an ON DELETE trigger on the system catalogs work? I'd think
it would be possible to select the tables and groups that a user had
privs to and iterate through each calling REVOKE. -sc
--=20
Sean Chittenden