Revoke Connect Privilege from Database not working - Mailing list pgsql-sql

> Hello,
>
> we are using Vault to provision temporary users which get deleted after a
> while by the same user.
> For this purpose we have created a vault_admin user.
>
> postgres=# \du vault_admin
>            List of roles
>  Role name  |       Attributes
> -------------+------------------------
> vault_admin | Superuser, Create role
>
> postgres=# \l "disp_db"
>
>         List of databases
>  Name   |       Owner       | Encoding | Locale Provider |  Collate   |
> Ctype    | ICU Locale | ICU Rules |                               Access
> privileges
>
---------+-------------------+----------+-----------------+------------+------------+------------+-----------+--------------------------------------------------------------------------------
> disp_db | app_disp_db_admin | UTF8     | libc            | en_US.utf8 |
> en_US.utf8 |            |           |
> app_disp_db_admin=CTc/app_disp_db_admin
> +
>         |                   |          |                 |            |
>       |            |           | app_disp_db=Tc/app_disp_db_admin
>                                   +
>         |                   |          |                 |            |
>       |            |           | pg_database_owner=CTc/app_disp_db_admin
>                                   +
>         |                   |          |                 |            |
>       |            |           | vault_admin=c*/app_disp_db_admin
>                                   +
>         |                   |          |                 |            |
>       |            |           |
> "dev_oidc-m-kristo-rewe-group-at-2025_02_28T09_06_30+00:00"=c/vault_admin
> +
>         |                   |          |                 |            |
>       |            |           | app_disp_db_readonly=c/app_disp_db_admin
>
>
> Removing the connect privilege with the Postgres Superuser and with the
> Vault Admin user does not work.
>
> postgres=# select current_user;
> current_user
> --------------
> postgres
>
> postgres=# revoke connect on database "disp_db" from
> "dev_oidc-m-kristo-rewe-group-at-2025_02_28T09_06_30+00:00";
> REVOKE
>
> postgres=# drop user
> "dev_oidc-m-kristo-rewe-group-at-2025_02_28T09_06_30+00:00";
> ERROR:  role "dev_oidc-m-kristo-rewe-group-at-2025_02_28T09_06_30+00:00"
> cannot be dropped because some objects depend on it
> DETAIL:  privileges for database disp_db
>
> Same happens when trying to revoke with the vault admin user:
>
> disp_db=# select current_user;
> current_user
> --------------
> vault_admin
> (1 row)
>
> disp_db=# revoke connect on database "disp_db" from
> "dev_oidc-m-kristo-rewe-group-at-2025_02_28T09_06_30+00:00";
> REVOKE
> disp_db=# drop user
> "dev_oidc-m-kristo-rewe-group-at-2025_02_28T09_06_30+00:00";
> ERROR:  role "dev_oidc-m-kristo-rewe-group-at-2025_02_28T09_06_30+00:00"
> cannot be dropped because some objects depend on it
> DETAIL:  privileges for database disp_db
>
> Does not work via PSQL nor with pgadmin.
>
> Best Regards
> Marijo Kristo
>