On 4/2/20 9:59 PM, AC Gomez wrote:
Granted. But we are where we are, so I'm assuming this is going to be
hand to hand combat.
Well you could even the odds somewhat by using the below as a starting
point:
SELECT
relname,
pg_roles.rolname,
acl.*
FROM
pg_class,
aclexplode(relacl) AS acl
JOIN pg_roles ON acl.grantee = pg_roles.oid
WHERE
pg_roles.oid = 'some_role'::regrole;
On Fri, Apr 3, 2020, 12:57 AM raf <[email protected] <mailto:[email protected]>> wrote:
It's probably more sensible to grant permissions to roles that
represent groups, and have roles for individual users that
inherit the permissions of the group roles. Then you don't
need to revoke the permissions just because an individiual
has left.
cheers,
raf
AC Gomez wrote:
> Thanks for the quick response. The problem is, in most cases the
owner is
> not the grantee. So if a role, let's say a temp employee, gets
grants, then
> leaves, I can't do a drop owned because that temp never owned those
> objects, he just was granted access. Is there a "drop granted"
kind of
> thing?
>
> On Thu, Apr 2, 2020, 11:37 PM Guyren Howe <[email protected]
<mailto:[email protected]>> wrote:
>
> > https://www.postgresql.org/docs/12/sql-drop-owned.html
> >
> > On Apr 2, 2020, at 20:34 , AC Gomez <[email protected]
<mailto:[email protected]>> wrote:
> >
> > Do I understand correctly that if a role was assigned countless
object
> > privileges and you want to delete that role you have to sift
through a
> > myriad of privilege grants in what amounts to a time consuming
trial and
> > error exercise until you've got them all?
> >
> > Or is there a single command that with just delete the role and
do a
> > blanket grant removal at the same time?
--
Adrian Klaver
[email protected]
