BUG #1203: Dropping a user does not revoke their permissions - Mailing list pgsql-bugs

From PostgreSQL Bugs List
Subject BUG #1203: Dropping a user does not revoke their permissions
Date
Msg-id 20040803002323.B9EFACF4B44@www.postgresql.com
Whole thread Raw
List pgsql-bugs
The following bug has been logged online:

Bug reference:      1203
Logged by:          Geoff Kloess

Email address:      geoffk@garden-grove.org

PostgreSQL version: 7.4

Operating system:   Redhat ES3

Description:        Dropping a user does not revoke their permissions

Details:

Maybe this isn't a bug, because I find it hard to believe that it hasn't
been noticed already, but I didn't find anything in the documentation about
this.

Dropping a user does not automatically revoke their permissions on tables,
instead it changes the permission from their name to their system id number
when displayed using "\z".

It seems weird that the database will keep around permissions for
non-existent users.  And it causes an error when doing a pg_restore.

It is also impossible to revoke permissions when the user attached to them
does not exist, which means you have to create a temporary user with the
same sysid as the old user, revoke the permissions and then drop the
temporary user.

It seems like it would make a lot more sense to just revoke the permissions
at the same time the user is dropped.

pgsql-bugs by date:

Previous
From: Tom Lane
Date:
Subject: Re: 7.5dev assertion failure w/ v3 protocol and transactions
Next
From: "borajetta"
Date:
Subject: index corruption and having to reindex