New Role drop with Grant/Revokes stop working after subsequent runs - Mailing list pgsql-general

1. START
   1. We begin with the db owner role as the bootstrap seed - but subsequent runs feed in successive users.
   2. With this role we create a new user/password, for example: CREATE USER UUU WITH PASSWORD 'PPpp' CREATEDB CREATEROLE
   3. GRANTS
   4. GRANT <prior user> TO <new user>
   5. For each Data
   6.     For each Schema

1. GRANT USAGE ON SCHEMA <schema> TO <new user>
2. GRANT CREATE ON SCHEMA <schema> TO <new user>
3. GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA <schema> TO <new user>
4. GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA <schema> TO <new user>
5. GRANT EXECUTE ON ALL FUNCTIONS

                                                             ii.      GRANT ALL DEFAULT PRIVILEGES

                                                           iii.      GRANT POSTGRES_FDW

                                                           iv.      GRANT FOREIGN SERVER

end loop; end loop;

6. REVOKES

 i.      GRANT <prior user> TO <new user>

ii.      REASSIGN OWNED BY <prior user> TO <new user>

iii.      DROP OWNED BY <prior user> TO <new user>

7. For each Database
8.    For each Schema

1. REVOKE USAGE ON SCHEMA <schema> TO <new user>
2. REVOKE CREATE ON SCHEMA <schema> TO <new user>
3. REVOKE ALL PRIVILEGES ON ALL TABLES IN SCHEMA <schema> TO <new user>
4. REVOKE ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA <schema> TO <new user>
5. REVOKE EXECUTE ON ALL FUNCTIONS

                                                             ii.      REVOKE ALL DEFAULT PRIVILEGES

                                                           iii.      REVOKE POSTGRES_FDW

                                                           iv.      REVOKE FOREIGN SERVERS

end loop; end loop;

8. DROP ROLE <prior user> (if it's not the db owner)