Thread: schema privileges and drop role

schema privileges and drop role

From
Matt Zagrabelny
Date:
Greetings,

I have a database that I recently changed the ownership for and now I am attempting to drop the previous owner of the database:

test_db=# drop ROLE legacy_owner;
ERROR:  role "legacy_owner" cannot be dropped because some objects depend on it
DETAIL:  privileges for schema public

I don't know where to look to find out what I need to alter to be able to remove the legacy role and internet searches came up fruitless.

Does anyone have any hints or advice on where to look?

Thanks for the help!

-m

Re: schema privileges and drop role

From
Adrian Klaver
Date:
On 6/24/24 17:00, Matt Zagrabelny wrote:
> Greetings,
> 
> I have a database that I recently changed the ownership for and now I am 
> attempting to drop the previous owner of the database:
> 
> test_db=# drop ROLE legacy_owner;
> ERROR:  role "legacy_owner" cannot be dropped because some objects 
> depend on it
> DETAIL:  privileges for schema public
> 
> I don't know where to look to find out what I need to alter to be able 
> to remove the legacy role and internet searches came up fruitless.

Generally best to start with the docs:

https://www.postgresql.org/docs/current/sql-droprole.html

"A role cannot be removed if it is still referenced in any database of 
the cluster; an error will be raised if so. Before dropping the role, 
you must drop all the objects it owns (or reassign their ownership) and 
revoke any privileges the role has been granted on other objects. The 
REASSIGN OWNED and DROP OWNED commands can be useful for this purpose; 
see Section 22.4 for more discussion."

> 
> Does anyone have any hints or advice on where to look?
> 
> Thanks for the help!
> 
> -m

-- 
Adrian Klaver
adrian.klaver@aklaver.com




Re: schema privileges and drop role

From
Matt Zagrabelny
Date:
Hi Adrian,

Thanks for the reply!

On Mon, Jun 24, 2024 at 7:03 PM Adrian Klaver <adrian.klaver@aklaver.com> wrote:
On 6/24/24 17:00, Matt Zagrabelny wrote:
> Greetings,
>
> I have a database that I recently changed the ownership for and now I am
> attempting to drop the previous owner of the database:
>
> test_db=# drop ROLE legacy_owner;
> ERROR:  role "legacy_owner" cannot be dropped because some objects
> depend on it
> DETAIL:  privileges for schema public
>
> I don't know where to look to find out what I need to alter to be able
> to remove the legacy role and internet searches came up fruitless.

Generally best to start with the docs:

https://www.postgresql.org/docs/current/sql-droprole.html

"A role cannot be removed if it is still referenced in any database of
the cluster; an error will be raised if so. Before dropping the role,
you must drop all the objects it owns (or reassign their ownership) and
revoke any privileges the role has been granted on other objects. The
REASSIGN OWNED and DROP OWNED commands can be useful for this purpose;
see Section 22.4 for more discussion."

Cool. I gave it a try, but came up with the same error:

test_db=# REASSIGN OWNED by legacy_owner TO new_owner;
REASSIGN OWNED
Time: 0.212 ms
test_db=# drop role legacy_owner;
ERROR:  role "legacy_owner" cannot be dropped because some objects depend on it
DETAIL:  privileges for schema public
test_db=#

I'd still like to see how to list the "privileges for schema public", but I do appreciate the REASSIGN OWNED command.

Thanks!

-m
 

>
> Does anyone have any hints or advice on where to look?
>
> Thanks for the help!
>
> -m

--
Adrian Klaver
adrian.klaver@aklaver.com

Re: schema privileges and drop role

From
Tom Lane
Date:
Matt Zagrabelny <mzagrabe@d.umn.edu> writes:
> On Mon, Jun 24, 2024 at 7:03 PM Adrian Klaver <adrian.klaver@aklaver.com>
> wrote:
>> "A role cannot be removed if it is still referenced in any database of
>> the cluster; an error will be raised if so. Before dropping the role,
>> you must drop all the objects it owns (or reassign their ownership) and
>> revoke any privileges the role has been granted on other objects. The
>> REASSIGN OWNED and DROP OWNED commands can be useful for this purpose;
>> see Section 22.4 for more discussion."

> Cool. I gave it a try, but came up with the same error:

> test_db=# REASSIGN OWNED by legacy_owner TO new_owner;
> REASSIGN OWNED
> Time: 0.212 ms
> test_db=# drop role legacy_owner;
> ERROR:  role "legacy_owner" cannot be dropped because some objects depend
> on it

You need to do DROP OWNED as well to get rid of those privileges.
REASSIGN OWNED only changes the ownership of ownable objects.

> I'd still like to see how to list the "privileges for schema
> public",

"\dn+ public" in psql would do that.

            regards, tom lane