| From: | "David G(dot) Johnston" <david(dot)g(dot)johnston(at)gmail(dot)com> |
|---|---|
| To: | John Scalia <jayknowsunix(at)gmail(dot)com> |
| Cc: | Jerry Sievers <gsievers19(at)comcast(dot)net>, Alvaro Herrera <alvherre(at)2ndquadrant(dot)com>, "pgsql-admin(at)postgresql(dot)org" <pgsql-admin(at)postgresql(dot)org> |
| Subject: | Re: Trying to change the owner of some tables |
| Date: | 2015-06-25 18:12:49 |
| Message-ID: | CAKFQuwbFQnG-SOEre7_VhXqhpzskM=Vh4CeGzSWsBHi++_irdA@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-admin |
On Thu, Jun 25, 2015 at 1:42 PM, John Scalia <jayknowsunix(at)gmail(dot)com> wrote:
> Everything has been corrected. The newly reloaded database is behaving
> much better. I did manage to get all my permission issues satisfied,
> although I have a followup question: For the two roles I wished to delete,
> I issued a revoke all privileges on each schema in the DB with a cascade
> option, but if I looked at table, relname in pg_class, I would still see
> that role as having select, update, and delete for the role's permission.
> Why wouldn't those be revoked when doing a revoke all privileges? Did I
> miss something?
>
Some permissions are inherited via PUBLIC and thus must be revoked by
revoking them from PUBLIC and not the user inheriting them. Revoke revokes
stuff, it does not add the equivalent of a "deny" permission. All
permissions are denied until explicitly or implicitly granted.
HTH
David J.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Dave Johansen | 2015-06-25 18:30:06 | Re: database must be vacuumed with <N> transactions |
| Previous Message | John Scalia | 2015-06-25 17:42:15 | Re: Trying to change the owner of some tables |