| From: | Richard Huxton <dev(at)archonet(dot)com> |
|---|---|
| To: | David Legault <legault(dot)david(at)gmail(dot)com> |
| Cc: | pgsql-general(at)postgresql(dot)org |
| Subject: | Re: REVOKE ALL |
| Date: | 2007-02-21 09:31:40 |
| Message-ID: | 45DC117C.4020104@archonet.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
David Legault wrote:
> Hello,
>
> Is there a way to revoke all privileges of a role without actually
> specifying the whole list of items.
>
> Like if a role has privileges on FUNCTIONs, is there a REVOKE all
> FUNCTIONS.
There's no GRANT/REVOKE <perm> ON public.* command format, but there are
plenty of plpgsql functions that do something of the sort.
> Is there a way to check if it has a GRANT in a particular type (CONNECT,
> FUNCTION, TRIGGER) before calling the REVOKE command?
You can wrap it in a function and check the system catalogues or use the
has_xxx_privilege() functions, otherwise no.
> Also, if I do a GRANT CONNECT ON DATABASE X TO Y, will Y be able to connect
> to other databases if I haven't given him permission to do so (what is the
> default value when a role is created since roles are global)?
By default all users can connect to all databases. This is limited by
your pg_hba.conf settings and after that by GRANT CONNECT;
--
Richard Huxton
Archonet Ltd
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Richard Huxton | 2007-02-21 09:36:03 | Re: number of tables limited over time (not simultaneous)? |
| Previous Message | Magnus Hagander | 2007-02-21 08:54:25 | Re: Installing support for python on windows |