| From: | Heikki Linnakangas <hlinnakangas(at)vmware(dot)com> |
|---|---|
| To: | Marko Tiikkaja <marko(at)joh(dot)to>, PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: DROP PRIVILEGES OWNED BY |
| Date: | 2014-12-17 16:37:01 |
| Message-ID: | 5491B12D.7040801@vmware.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On 12/15/2014 02:43 AM, Marko Tiikkaja wrote:
> This week I had a problem where I wanted to drop only the privileges a
> certain role had in the system, while keeping all the objects. I
> couldn't figure out a reasonable way to do that, so I've attached a
> patch for this to this email. Please consider it for inclusion into
> 9.5. The syntax is:
>
> DROP PRIVILEGES OWNED BY role [, ...]
>
> I at some point decided to implement it as a new command instead of
> changing DropOwnedStmt, and I think that might have been a mistake. It
> might have made more sense to instead teach DROP OWNED to accept a
> specification of which things to drop. But the proposal is more
> important than such details, I think.
DROP seems like the wrong verb here. DROP is used for deleting objects,
while REVOKE is used for removing permissions from them. REVOKE already
has something similar:
REVOKE ALL PRIVILEGES ON ALL TABLES IN SCHEMA public FROM heikki;
Following that style, how about making the syntax:
REVOKE ALL PRIVILEGES ON ALL OBJECTS FROM <role>
or just:
REVOKE ALL PRIVILEGES FROM <role>;
- Heikki
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Marko Tiikkaja | 2014-12-17 16:43:35 | Re: DROP PRIVILEGES OWNED BY |
| Previous Message | Andrew Dunstan | 2014-12-17 16:34:25 | Re: [alvherre@2ndquadrant.com: Re: no test programs in contrib] |