Re: Trying to change the owner of some tables

From: "David G(dot) Johnston" <david(dot)g(dot)johnston(at)gmail(dot)com>
To: John Scalia <jayknowsunix(at)gmail(dot)com>
Cc: Jerry Sievers <gsievers19(at)comcast(dot)net>, Alvaro Herrera <alvherre(at)2ndquadrant(dot)com>, "pgsql-admin(at)postgresql(dot)org" <pgsql-admin(at)postgresql(dot)org>
Subject: Re: Trying to change the owner of some tables
Date: 2015-06-25 18:12:49
Message-ID: CAKFQuwbFQnG-SOEre7_VhXqhpzskM=Vh4CeGzSWsBHi++_irdA@mail.gmail.com
Lists: pgsql-admin

On Thu, Jun 25, 2015 at 1:42 PM, John Scalia <jayknowsunix(at)gmail(dot)com> wrote:

> Everything has been corrected. The newly reloaded database is behaving
> much better. I did manage to get all my permission issues satisfied,
> although I have a followup question: For the two roles I wished to delete,
> I issued a revoke all privileges on each schema in the DB with a cascade
> option, but if I looked at table, relname in pg_class, I would still see
> that role as having select, update, and delete for the role's permission.
> Why wouldn't those be revoked when doing a revoke all privileges? Did I
> miss something?
>

Some permissions are inherited via PUBLIC and thus must be revoked by
revoking them from PUBLIC and not the user inheriting them. Revoke revokes
stuff, it does not add the equivalent of a "deny" permission. All
permissions are denied until explicitly or implicitly granted.

HTH

David J.
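
The behaviour discussed in this message, as an added PostgreSQL example that is not part of the original email: a role keeps effective access to a table through a grant to PUBLIC even after its own grants are revoked. All object and role names are hypothetical, and the script assumes a session allowed to create roles; it rolls back at the end.

```sql
-- Constructed demo objects; every name here is hypothetical.
BEGIN;
CREATE ROLE demo_old_role NOLOGIN;
CREATE SCHEMA demo_app;
CREATE TABLE demo_app.t (id int);

-- One grant to PUBLIC and one directly to the role.
GRANT USAGE ON SCHEMA demo_app TO PUBLIC;
GRANT SELECT ON demo_app.t TO PUBLIC;
GRANT SELECT, UPDATE, DELETE ON demo_app.t TO demo_old_role;

-- A schema-level revoke only touches the schema's own ACL
-- (USAGE/CREATE in pg_namespace.nspacl), not the ACLs of tables inside it.
REVOKE ALL PRIVILEGES ON SCHEMA demo_app FROM demo_old_role CASCADE;

-- Table-level grants are revoked on the tables themselves.
REVOKE ALL PRIVILEGES ON ALL TABLES IN SCHEMA demo_app
    FROM demo_old_role CASCADE;

-- Inspect the table ACL: entries with an empty grantee name
-- (the part before "=") belong to PUBLIC.
SELECT relname, relacl
FROM pg_class
WHERE oid = 'demo_app.t'::regclass;

-- Effective-privilege check for the role while the PUBLIC grant
-- is still in place.
SELECT has_table_privilege('demo_old_role', 'demo_app.t', 'SELECT')
       AS can_select_via_public;

-- REVOKE cannot express "deny"; the PUBLIC grant itself has to go.
REVOKE SELECT ON demo_app.t FROM PUBLIC;

-- Same check again, now with no direct grant and no PUBLIC grant.
SELECT has_table_privilege('demo_old_role', 'demo_app.t', 'SELECT')
       AS can_select_after_public_revoke;

ROLLBACK;
```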
