Re: Remove default privilege from DB

Hello!

2018-02-15 14:19 GMT+01:00 Charles Clavadetscher <clavadetscher(at)swisspug(dot)org
>:

> What version of PostgreSQL are you using?
>
> And how did you get those first entries at all?
>
> What happens if you issue
>
> ALTER DEFAULT PRIVILEGES FOR ROLE suser GRANT EXECUTE ON FUNCTIONS TO
> PUBLIC;
>
> again?
>
>
> After that:
24629;0;"S";"{}"
24629;0;"T";"{}"
24629;0;"r";"{}"
24629;0;"f";"{=X/suser}"

ALTER DEFAULT PRIVILEGES FOR ROLE suser revoke EXECUTE ON FUNCTIONS from
PUBLIC;

24629;0;"S";"{}"
24629;0;"T";"{}"
24629;0;"r";"{}"
24629;0;"f";"{}"

PGSQL 9.4, 9.6 on Debian (diff. servers).

The source of the problem would be complicated.

The suser is not superuser, but all db owner was member of him.

The databases sometimes created from template0, sometimes copied from prev.
basic database (create database from another database), or from
backup/restore.
We created suser to see every data in database. But objects are created by
him denied from db owner.
Because of that we added default privileges (suser -> db owner).
The time passed away and many things changes. So we want to remove def.
privileges, but these orphan records remain here.
I removed the actual DB owner from suser's member list, but it have no
effect.

I will try to make backup/restore on an example db to see what happen. I
will try to recreate this strange thing in my test server.

Thanks
dd