On Wed, Jan 24, 2024 at 8:35 AM Laurenz Albe <laurenz.albe@cybertec.at> wrote:

On Wed, 2024-01-24 at 15:40 +0100, gparc@free.fr wrote:
> maybe a misunderstanding of my part, but your proposed modification doesn't matched
> with the current behaviour of the command as precisely the object privileges of the old owner are **NOT** transferred
> to the new owner along with the ownership

But that is what happens.

The permissions are transferred to the new owner, so the old owner doesn't
have any privileges on the object (and, in your case, cannot connect to
the database any more).

I dislike this change, ownership of an object is completely independent of the grant system of privileges. The granted privileges of the old row do not transfer to the new owner when alter ... owner to is executed. The separate object attribute "owner" is the only thing that changes. If the old owner doesn't have any granted privileges on the modified object then they will be left with no ability to interact with that object. In the case of Database the applicable interactions are Create and Connect. The permissions the old owner may have on any other objects in the database are also left unaffected - such as those on a schema. But if they have lost the ability to Connect then actually exercising schema privileges becomes impossible. It really isn't any different than removing their login attribute.

Note that since PUBLIC gets connect privileges on all databases by default...

David J.