| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | immerrr again <immerrr(at)gmail(dot)com> |
| Cc: | Pavel Luzanov <p(dot)luzanov(at)postgrespro(dot)ru>, pgsql-general(at)lists(dot)postgresql(dot)org |
| Subject: | Re: DROP ROLE blocked by pg_init_privs |
| Date: | 2025-11-26 03:45:00 |
| Message-ID: | 1507599.1764128700@sss.pgh.pa.us |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
immerrr again <immerrr(at)gmail(dot)com> writes:
> On Wed, Nov 26, 2025 at 1:08 AM Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
>> The missing step here is
>> DROP OWNED BY test_role;
> It just makes me uneasy to run a command with such potential for data loss
> in order to remove a role.
Well,
(a) if you try to DROP ROLE any role that still owns objects,
it will refuse, and tell you what the role still owns.
(The crux of your problem is that access permissions are not objects.)
(b) the usual procedure is to do REASSIGN OWNED first. Anything
that remains to be dropped by DROP OWNED must be an access permission
not an object.
(c) you do know that DDL in Postgres is transactional, right?
You can roll it back if you don't like the results.
> So much so that I have written a couple of
> queries to manually clean up the system tables pg_init_privs/pg_shdepends
> instead (see [1]).
Yup, that's far safer. No possibility of irretrievably hosing your
database through ill-considered manual catalog changes, for sure.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Andrew | 2025-11-26 07:27:00 | Re: Wal streaming |
| Previous Message | Ron Johnson | 2025-11-26 00:39:48 | Re: DROP ROLE blocked by pg_init_privs |