Re: [ADMIN] Permissions not removed when group dropped

On Sun, May 15, 2005 at 05:48:56PM -0400, Tom Lane wrote:
> Alvaro Herrera <alvherre(at)surnet(dot)cl> writes:
> > Additionally we need to think what should happen if the user is the
> > grantor of some privilege. I think we should warn in RESTRICT mode, and
> > in CASCADE, revoke the privilege from the grantee.
>
> You mean "fail in RESTRICT mode", no?

Yes, with a message indicating what happened.

> > Hmm. We could implement something like "DROP USER LOCALLY [CASCADE |
> > RESTRICT]", which would be a very misleading name for operations 2-4
> > above. Additionally, if the user doesn't have references in other
> > databases, drop the user itself. (Note it's inconsistent.)
>
> I'd go for something more like "DROP OWNED OBJECTS", which'd be just
> the stuff internal to the current database (owned objects and ACL
> entries). You don't need to drop group memberships per-database.

Ok.

--
Alvaro Herrera (<alvherre[a]surnet.cl>)
"Find a bug in a program, and fix it, and the program will work today.
Show the program how to find and fix a bug, and the program
will work forever" (Oliver Silfridge)