| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | "Ing(dot) Marijo Kristo" <marijo(dot)kristo(at)icloud(dot)com> |
| Cc: | pgsql-sql(at)lists(dot)postgresql(dot)org |
| Subject: | Re: Revoke Connect Privilege from Database not working |
| Date: | 2025-04-01 14:13:49 |
| Message-ID: | 346227.1743516829@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-sql |
"Ing. Marijo Kristo" <marijo(dot)kristo(at)icloud(dot)com> writes:
>> Removing the connect privilege with the Postgres Superuser and with the
>> Vault Admin user does not work.
>> postgres=# revoke connect on database "disp_db" from
>> "dev_oidc-m-kristo-rewe-group-at-2025_02_28T09_06_30+00:00";
>> REVOKE
REVOKE is not being as helpful as it could be here, perhaps:
it is failing to tell you that it's a no-op because there
is no such privilege. You never granted connect on disp_db
to that user so you can't revoke it either.
The privilege that exists by default, per [1], is that
database connect privileges are granted to PUBLIC (the
pseudo-group of all users). If that's not what you want,
you have to do
revoke connect on database "disp_db" from public;
and then grant it out again to the users who should have it.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | David G. Johnston | 2025-04-01 14:15:13 | Re: Revoke Connect Privilege from Database not working |
| Previous Message | Ing. Marijo Kristo | 2025-03-31 15:26:13 | Revoke Connect Privilege from Database not working |