| From: | Hans-Juergen Schoenig <postgres(at)cybertec(dot)at> |
|---|---|
| To: | Alvaro Herrera <alvherre(at)commandprompt(dot)com> |
| Cc: | PGSQL Hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: DROP ROLE dependency tracking ... |
| Date: | 2008-05-25 13:32:32 |
| Message-ID: | 48396A70.8000501@cybertec.at |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Alvaro Herrera wrote:
> Hans-Juergen Schoenig wrote:
>
>
>> test=# create role xy LOGIN;
>> CREATE ROLE
>>
>> test=# grant connect on database test to xy;
>> GRANT
>>
>> test=# drop role xy;
>> ERROR: role "xy" cannot be dropped because some objects depend on it
>> DETAIL: access to database test
>>
>> this is a totally fresh instance --- all i did was creating a db called
>> "test".
>> failing would make sense if i would the owner of an object but i fact i
>> don't own anything.
>>
>
> But in some cases you might not want to lose the information associated
> to the grants you've done. That's why we have REASSIGN OWNED.
>
> Hmm, but then there's no way to lose it, even if you do want that. DROP
> OWNED does not touch grants (which is per design), but we don't have
> DROP ROLE CASCADE. So maybe there's a functionality gap here ...
>
>
when thinking of REASSIGNED OWNED people tend to think about tables
rather than about CONNECT rights.
i would suggest to make DROP ROLE just kill the role unless there is a
real object depending on it.
i would not see a permission to be an object. what do you think?
many thanks,
hans
--
Cybertec Schönig & Schönig GmbH
PostgreSQL Solutions and Support
Gröhrmühlgasse 26, A-2700 Wiener Neustadt
Tel: +43/1/205 10 35 / 340
www.postgresql-support.de, www.postgresql-support.com
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Alvaro Herrera | 2008-05-25 14:01:08 | Re: DROP ROLE dependency tracking ... |
| Previous Message | Alvaro Herrera | 2008-05-25 12:56:49 | Re: DROP ROLE dependency tracking ... |