I think I've narrowed the issue down. The problem is in some cases the permissions for the bad users were granted by one of the bad users. So even if I'm logged in as the table owner, I can't revoke privileges on a user that was granted privileges by another user. And I can't revoke privileges on the bad user that granted privileges to other bad users. And in some cases the postgres user set the privileges, and I can't do anything with them.
So I've been trying different combinations of logging in as different users and revoking privileges. Some things work and some things don't. It really it seems like the table owner should be able to revoke any privileges in their table, but this isn't the case.
The biggest problem I'm having is that the postgres user can't revoke anything for users that it granted privileges for.
I have a database that I dropped some users on. However, when doing dumps
and restores, it became clear that these users were still being referenced
by sysid. So I created new users and assigned them the sysids of the users I
had dropped.
So now I went to revoke the privileges for the new (temp) users. However,
some tables I can revoke the users and some I cannot.
I also tried to drop one of the new users I created and it created the same
situation as before, where the user still shows up with priveleges, but
instead of listing a name it lists a sysid.
I've had to deal with stuff like this before.
What exactly are the errors are you getting, and what version of
PostgreSQL are you running?
Peter
