Re: REVOKE ALL ON ALL OBJECTS IN ALL SCHEMAS FROM some_role?

From: Laurenz Albe <laurenz(dot)albe(at)cybertec(dot)at>
To: Scott Ribe <scott_ribe(at)elevated-dev(dot)com>, Ron Johnson <ronljohnsonjr(at)gmail(dot)com>
Cc: Pgsql-admin <pgsql-admin(at)lists(dot)postgresql(dot)org>
Subject: Re: REVOKE ALL ON ALL OBJECTS IN ALL SCHEMAS FROM some_role?
Date: 2025-07-08 12:53:03
Message-ID: bacddcb84956a662cd3de97ce4fe32d705083dc7.camel@cybertec.at
Views: Whole Thread | Raw Message | Download mbox | Resend email
Thread:
Lists: pgsql-admin

On Tue, 2025-07-08 at 06:16 -0600, Scott Ribe wrote:
> I don't have an answer for you, just a question out of curiosity. Is this a prelude
> to dropping the role? Thus, if it existed, DROP ROLE ... CASCADE would have worked
> for your use case?

If dropping the role is the reason why the privileges should go, the canonical
procedure is:

- connect to each database in the cluster in turn; in each:
- REASSIGN OWNED BY role_to_drop ...
to transfer ownership
- DROP OWNED BY role_to_drop
to remove owned objects *and privileges*
- DROP ROLE role_to_drop

Yours,
Laurenz Albe

In response to

Responses

Browse pgsql-admin by date

  From Date Subject
Next Message Ron Johnson 2025-07-08 12:59:50 Re: REVOKE ALL ON ALL OBJECTS IN ALL SCHEMAS FROM some_role?
Previous Message Scott Ribe 2025-07-08 12:35:00 Re: REVOKE ALL ON ALL OBJECTS IN ALL SCHEMAS FROM some_role?