From: | AC Gomez <antklc(at)gmail(dot)com> |
---|---|
To: | raf <raf(at)raf(dot)org> |
Cc: | pgsql-general(at)lists(dot)postgresql(dot)org |
Subject: | Re: Backing out of privilege grants rabbit hole |
Date: | 2020-04-03 04:59:23 |
Message-ID: | CABtmK-g5a31Ekmt+BjpTUJZcCJLwZYrNw+3prBsLoQmPy_dftw@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-general |
Granted. But we are where we are, so I'm assuming this is going to be hand
to hand combat.
On Fri, Apr 3, 2020, 12:57 AM raf <raf(at)raf(dot)org> wrote:
> It's probably more sensible to grant permissions to roles that
> represent groups, and have roles for individual users that
> inherit the permissions of the group roles. Then you don't
> need to revoke the permissions just because an individiual
> has left.
>
> cheers,
> raf
>
> AC Gomez wrote:
>
> > Thanks for the quick response. The problem is, in most cases the owner is
> > not the grantee. So if a role, let's say a temp employee, gets grants,
> then
> > leaves, I can't do a drop owned because that temp never owned those
> > objects, he just was granted access. Is there a "drop granted" kind of
> > thing?
> >
> > On Thu, Apr 2, 2020, 11:37 PM Guyren Howe <guyren(at)gmail(dot)com> wrote:
> >
> > > https://www.postgresql.org/docs/12/sql-drop-owned.html
> > >
> > > On Apr 2, 2020, at 20:34 , AC Gomez <antklc(at)gmail(dot)com> wrote:
> > >
> > > Do I understand correctly that if a role was assigned countless object
> > > privileges and you want to delete that role you have to sift through a
> > > myriad of privilege grants in what amounts to a time consuming trial
> and
> > > error exercise until you've got them all?
> > >
> > > Or is there a single command that with just delete the role and do a
> > > blanket grant removal at the same time?
>
>
>
From | Date | Subject | |
---|---|---|---|
Next Message | postgann2020 s | 2020-04-03 05:11:52 | Re: Could someone please help us share the procedure to troubleshoot the locks on proc issues. |
Previous Message | raf | 2020-04-03 04:57:39 | Re: Backing out of privilege grants rabbit hole |