Thread: I can't drop a user if I don't drop his grants beforehand??????????????????

I can't drop a user if I don't drop his grants beforehand??????????????????

From
Nico Sabbi
Date:
Hi,
I can't believe my eyes. Why on earth I can't drop a user without
previously revoking his privileges?
This is really _crazy_ in my opinion.

I'm not speaking of object ownership, but of GRANTs.
Why?

Re: I can't drop a user if I don't drop his grants beforehand??????????????????

From
Tom Lane
Date:
Nico Sabbi <nsabbi@officinedigitali.it> writes:
> I can't believe my eyes. Why on earth I can't drop a user without
> previously revoking his privileges?

Yeah, it's a known limitation.  The reason it's not implemented is that
some of the privileges may be in other databases besides the particular
one you're connected to, and the backend hasn't got any way to get at
those databases to remove the entries.

Maybe someday it'll get fixed, but don't hold your breath.

            regards, tom lane

Re: I can't drop a user if I don't drop his grants beforehand??????????????????

From
Nico Sabbi
Date:
Tom Lane wrote:
> Nico Sabbi <nsabbi@officinedigitali.it> writes:
>
>> I can't believe my eyes. Why on earth I can't drop a user without
>> previously revoking his privileges?
>>
>
> Yeah, it's a known limitation.  The reason it's not implemented is that
> some of the privileges may be in other databases besides the particular
> one you're connected to, and the backend hasn't got any way to get at
> those databases to remove the entries.
>
> Maybe someday it'll get fixed, but don't hold your breath.
>
>             regards, tom lane
>

Thanks.
Unfortunately role_usage_grants is empty and usage_privileges doesn't
contain what I expected to find,
so I had to iterate over the distinct table_schema in
information_schema.tables to drop the schema_usage grants.

    Nico

Re: I can't drop a user if I don't drop his grants beforehand??????????????????

From
Alvaro Herrera
Date:
Nico Sabbi wrote:
> Hi,
> I can't believe my eyes. Why on earth I can't drop a user without
> previously revoking his privileges?
> This is really _crazy_ in my opinion.
>
> I'm not speaking of object ownership, but of GRANTs.

As Tom says, it's a known limitation.  Did you try REASSIGN OWNED and/or DROP
OWNED?

--
Alvaro Herrera                                http://www.CommandPrompt.com/
The PostgreSQL Company - Command Prompt, Inc.

Re: I can't drop a user if I don't drop his grants beforehand??????????????????

From
Nico Sabbi
Date:
Alvaro Herrera wrote:
> Nico Sabbi wrote:
>
>> Hi,
>> I can't believe my eyes. Why on earth I can't drop a user without
>> previously revoking his privileges?
>> This is really _crazy_ in my opinion.
>>
>> I'm not speaking of object ownership, but of GRANTs.
>>
>
> As Tom says, it's a known limitation.  Did you try REASSIGN OWNED and/or DROP
> OWNED?
>
>

Hi,
sorry for the big delay.
No, I didn't because the tables weren't owned by the user I wanted to
drop, but by another one.

Re: I can't drop a user if I don't drop his grants beforehand??????????????????

From
Alvaro Herrera
Date:
Nico Sabbi wrote:
> Alvaro Herrera wrote:

>>> I'm not speaking of object ownership, but of GRANTs.
>>
>> As Tom says, it's a known limitation.  Did you try REASSIGN OWNED and/or DROP
>> OWNED?

> No, I didn't because the tables weren't owned by the user I wanted to
> drop, but by another one.

DROP OWNED drops GRANTs too.

--
Alvaro Herrera                                http://www.CommandPrompt.com/
PostgreSQL Replication, Consulting, Custom Development, 24x7 support
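
The deprovisioning sequence this thread arrives at, written out as an added example that is not part of any message above. The role names `departing_user` and `app_owner` are assumptions; the first query uses the shared catalog `pg_shdepend` to show which databases still reference the role, since the grants may live in databases other than the one you are connected to.

```sql
-- Assumed names (not from the thread): departing_user is the role to remove,
-- app_owner is the role that should take over any objects it owns.

-- 1. From any database: list where the role is still referenced.
--    pg_shdepend is a shared catalog, so it covers every database in the cluster.
--    deptype 'o' = the role owns the object, 'a' = the role appears in its ACL.
SELECT COALESCE(d.datname, '(shared object)') AS database,
       s.classid::regclass                    AS catalog,
       s.deptype,
       count(*)                               AS entries
FROM pg_shdepend s
LEFT JOIN pg_database d ON d.oid = s.dbid
WHERE s.refclassid = 'pg_authid'::regclass
  AND s.refobjid = (SELECT oid FROM pg_roles WHERE rolname = 'departing_user')
GROUP BY 1, 2, 3
ORDER BY 1, 2;

-- 2. Connect to each database listed above and run, as a superuser.
--    REASSIGN first: DROP OWNED on its own would drop objects the role owns.
REASSIGN OWNED BY departing_user TO app_owner;  -- keep the objects, change owner
DROP OWNED BY departing_user;                   -- revokes the remaining GRANTs

-- 3. Once the query in step 1 returns no rows, from any database:
DROP ROLE departing_user;
```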