Re: [ADMIN] Permissions not removed when group dropped - Mailing list pgsql-hackers

From Tom Lane
Subject Re: [ADMIN] Permissions not removed when group dropped
Date
Msg-id 3358.1116193736@sss.pgh.pa.us
In response to Re: [ADMIN] Permissions not removed when group dropped  (Alvaro Herrera <alvherre@surnet.cl>)
Responses Re: [ADMIN] Permissions not removed when group dropped
List pgsql-hackers
Alvaro Herrera <alvherre@surnet.cl> writes:
> Additionally we need to think what should happen if the user is the
> grantor of some privilege.  I think we should warn in RESTRICT mode, and
> in CASCADE, revoke the privilege from the grantee.

You mean "fail in RESTRICT mode", no?

> Hmm.  We could implement something like "DROP USER LOCALLY [CASCADE |
> RESTRICT]", which would be a very misleading name for operations 2-4
> above.  Additionally, if the user doesn't have references in other
> databases, drop the user itself.  (Note it's inconsistent.)

I'd go for something more like "DROP OWNED OBJECTS", which'd be just
the stuff internal to the current database (owned objects and ACL
entries).  You don't need to drop group memberships per-database.
        regards, tom lane

