On Thursday, February 20, 2025, Dominique Devienne <
ddevienne@gmail.com> wrote:
Hi. Today I was surprised that REVOKE ALL ON DATABASE FROM ROLE silently did nothing, even with CASCADE, when I was running it as SUPERUSER, preventing DROP'ing the ROLE. I had to manually SET ROLE to the GRANTOR, do the REVOKE, which DID something this time, and then I could DROP the role.
That's hardly convenient :). And I was helping someone else who couldn't figure out how to drop that role. Isn't there a better way?
I thought SUPERUSER was more powerful that than. Why isn't it?
This has nothing to do with power/permissions. It is about not specifying “granted by” in your SQL command and thus failing to fully and correctly specify the single permission you want to revoke.
David J.
