User groups table is defined as
CREATE TABLE IF NOT EXISTS public.kaspriv
(
id serial primary key,
user character(10) NOT NULL,
group character(35) NOT NULL
...
)
There are hundreds of users. Earlier time grant and revoke commands were executed for every user separately. Later revoke and grant commands for public were added:
REVOKE ALL ON TABLE public.kaspriv FROM PUBLIC;
GRANT SELECT ON TABLE public.kaspriv TO PUBLIC;
pgAdmin SQL tab still shows revoke and grant commands for every user also:
REVOKE ALL ON TABLE public.kaspriv FROM PUBLIC;
REVOKE ALL ON TABLE public.kaspriv FROM someuser;
REVOKE ALL ON TABLE public.kaspriv FROM someotheruser;
...
GRANT SELECT ON TABLE public.kaspriv TO PUBLIC;
GRANT SELECT ON TABLE public.kaspriv TO someuser;
GRANT SELECT ON TABLE public.kaspriv TO someother;
...
How to remove those unnecessary user-specific GRANT and REVOKE commands to make rights cleaner? pgAdmin does not have delete option for those.
Something like
DROP REVOKE ALL ON TABLE public.kaspriv FROM all EXCEPT public;
DROP GRANT SELECT ON TABLE public.kaspriv FROM all EXCEPT public;
This will be one-time action. It can be done manually in pgadmin or using some script running once.
Using
PostgreSQL 12.2 (Debian 12.2-2.pgdg100+1) on x86_64-pc-linux-gnu,
compiled by gcc (Debian 8.3.0-6) 8.3.0, 64-bit
and latest pgAdmin 7.2
Posted also in https://stackoverflow.com/questions/76394896/how-to-remove-unnecessary-grant-and-revoke-privileges-from-table
Andrus.
