Re: default privileges

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Jaime Casanova <jcasanov(at)systemguards(dot)com(dot)ec>
Cc: PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: default privileges
Date: 2010-04-03 21:27:47
Message-ID: 25713.1270330067@sss.pgh.pa.us
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

I wrote:
> Yeah. The problem here is that once you've created an entry in
> pg_default_acl, there is no way to make it go away.

Actually that's not true: you can get rid of it with DROP OWNED BY.
This fact is even documented in the ALTER DEFAULT PRIVILEGES manual
page:

If you wish to drop a role that has had its global default
privileges altered, it is necessary to use DROP OWNED BY first,
to get rid of the default privileges entry for the role.

Not sure if this is good enough or we need to provide some more-obvious
way of dealing with it.

regards, tom lane

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Jaime Casanova 2010-04-03 23:56:49 Re: default privileges
Previous Message Tom Lane 2010-04-03 21:16:43 Re: default privileges