Hi,
> since the dropped user is very unlikely to be resurrected, the correct=20
> answer would be to remove all dangling permissions on the existing=20
> objects. Using a sequence would only clutter the system with unused=20
> grants.
What about ownership? would that mean you want to delete the object?
> Since DROP USER is only rarely used, it would be okay if this operation
> is expensive.
The problem is not the drop being expensive. The problem is that tables=20
are managed withing a database, and you cannot access a database without=20
connecting to it, and it is not an option to connect to other databases to=
=20
do such a thing on any command.
So when you drop a user, you do not have access to acl so as to fix them=20
(i.e. removing dandling permissions). That may be done on the current
database, but that is all.
Think of the system. That would mean deleting/fixing all files owned by a=
=20
user when the user is removed, on whatever partition, maybe not even=20
mounted on the host. Not really possible, and not a good idea to try...
So it looks much simpler to fix the real issue by avoiding the userid to=20
be reused. The dandling permission cost is low.
Also, I would not be happy if deleting a user would mean deleting all=20
objects owned by that user, esp. as I cannot know simply what they are.
> At least a select statement to gather these dangling permissions
> should be available in the documentation.
It is a per database stuff: you must do it for every database. This very=20
query is in the todo list of my pgadvisor stuff (see=20
http://pg-advisor.projects.postgresql.org/). However I need some non=20
available support from the backend that was rejected when I submitted
a patch (8 lines of code:-). So it is unlikely to be added soon.
> PS: Btw: I seem to be unable to locate the TODO-list that should be
> referenced before posting a bug-report. Any hints?
simply follow "bug reporting guidelines" on http://www.postgresql.org/ ?
--=20
Fabien COELHO _ http://www.cri.ensmp.fr/~coelho _ Fabien.Coelho@ensmp.fr
CRI-ENSMP, 35, rue Saint-Honor=E9, 77305 Fontainebleau cedex, France
phone: (+33|0) 1 64 69 {voice: 48 52, fax: 47 09, standard: 47 08}
________ All opinions expressed here are mine _________