On Thursday, February 20, 2025, David G. Johnston <
david.g.johnston@gmail.com> wrote:
On Thursday, February 20, 2025, Dominique Devienne <ddevienne@gmail.com> wrote:
Hi. Today I was surprised that REVOKE ALL ON DATABASE FROM ROLE silently did nothing, even with CASCADE, when I was running it as SUPERUSER, preventing DROP'ing the ROLE. I had to manually SET ROLE to the GRANTOR, do the REVOKE, which DID something this time, and then I could DROP the role.
That's hardly convenient :). And I was helping someone else who couldn't figure out how to drop that role. Isn't there a better way?
I thought SUPERUSER was more powerful that than. Why isn't it?
This has nothing to do with power/permissions. It is about not specifying “granted by” in your SQL command and thus failing to fully and correctly specify the single permission you want to revoke.
Well, not “single permission” but the ALL only applies to the permission types, not actually everything for all grantors.
David J.
