> Well, the spec doesn't have create permissions per se, but they do have
> a "usage" right on domains, and they specify that revoking that results
> in dropping objects:
>
> 7) For every abandoned domain descriptor DO, let S1.DN be the
> <domain name> of DO. The following <drop domain statement> is
> effectively executed without further Access Rule checking:
>
> DROP DOMAIN S1.DN CASCADE
Hmmm. Seems pretty harsh. But barring us implementing that (I don't
see it happening for 7.5), just had an idea :)
How about pg_dumpall dumps all users as superusers, and then changes
them back to what they're supposed to be at the bottom of the script :)
Easy :)
Chris
