Received: from malur.postgresql.org ([217.196.149.56])
	by arkaria.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.94.2)
	(envelope-from <pgsql-general-owner+archive@lists.postgresql.org>)
	id 1sLugG-00HGCd-J1
	for pgsql-general@arkaria.postgresql.org; Tue, 25 Jun 2024 01:09:08 +0000
Received: from localhost ([127.0.0.1] helo=malur.postgresql.org)
	by malur.postgresql.org with esmtp (Exim 4.94.2)
	(envelope-from <pgsql-general-owner+archive@lists.postgresql.org>)
	id 1sLugE-00D1V7-4t
	for pgsql-general@arkaria.postgresql.org; Tue, 25 Jun 2024 01:09:06 +0000
Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29])
	by malur.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.94.2)
	(envelope-from <tgl@sss.pgh.pa.us>)
	id 1sLugD-00D1Uz-Pr
	for pgsql-general@lists.postgresql.org; Tue, 25 Jun 2024 01:09:06 +0000
Received: from sss.pgh.pa.us ([68.162.161.243])
	by magus.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.94.2)
	(envelope-from <tgl@sss.pgh.pa.us>)
	id 1sLugB-003OXK-J1
	for pgsql-general@postgresql.org; Tue, 25 Jun 2024 01:09:05 +0000
Received: from sss1.sss.pgh.pa.us (localhost [127.0.0.1])
	by sss.pgh.pa.us (8.15.2/8.15.2) with ESMTP id 45P18xlE1231690;
	Mon, 24 Jun 2024 21:08:59 -0400
From: Tom Lane <tgl@sss.pgh.pa.us>
To: Matt Zagrabelny <mzagrabe@d.umn.edu>
cc: Adrian Klaver <adrian.klaver@aklaver.com>,
        "pgsql-general@postgresql.org >> PG-General Mailing List" <pgsql-general@postgresql.org>
Subject: Re: schema privileges and drop role
In-reply-to: <CAOLfK3U-Hweja1P4OKjHe-E_nVmHR5uw7LjovFJJ=yech=hM8Q@mail.gmail.com>
References: <CAOLfK3Wx2VMhNONFpNpnA0LCMXpQgmSadGicJ3K+LF+ayeTWxQ@mail.gmail.com> <c09df100-6d68-4a86-901f-e1c11a27da27@aklaver.com> <CAOLfK3U-Hweja1P4OKjHe-E_nVmHR5uw7LjovFJJ=yech=hM8Q@mail.gmail.com>
Comments: In-reply-to Matt Zagrabelny <mzagrabe@d.umn.edu>
	message dated "Mon, 24 Jun 2024 19:43:58 -0500"
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-ID: <1231688.1719277739.1@sss.pgh.pa.us>
Content-Transfer-Encoding: 8bit
Date: Mon, 24 Jun 2024 21:08:59 -0400
Message-ID: <1231689.1719277739@sss.pgh.pa.us>
List-Id: <pgsql-general.lists.postgresql.org>
List-Help: <https://lists.postgresql.org/manage/>
List-Subscribe: <https://lists.postgresql.org/manage/>
List-Post: <mailto:pgsql-general@lists.postgresql.org>
List-Owner: <mailto:pgsql-general-owner@lists.postgresql.org>
List-Archive: <https://www.postgresql.org/list/pgsql-general>
Archived-At: <https://www.postgresql.org/message-id/1231689.1719277739%40sss.pgh.pa.us>
Precedence: bulk

Matt Zagrabelny <mzagrabe@d.umn.edu> writes:
> On Mon, Jun 24, 2024 at 7:03 PM Adrian Klaver <adrian.klaver@aklaver.com>
> wrote:
>> "A role cannot be removed if it is still referenced in any database of
>> the cluster; an error will be raised if so. Before dropping the role,
>> you must drop all the objects it owns (or reassign their ownership) and
>> revoke any privileges the role has been granted on other objects. The
>> REASSIGN OWNED and DROP OWNED commands can be useful for this purpose;
>> see Section 22.4 for more discussion."

> Cool. I gave it a try, but came up with the same error:

> test_db=# REASSIGN OWNED by legacy_owner TO new_owner;
> REASSIGN OWNED
> Time: 0.212 ms
> test_db=# drop role legacy_owner;
> ERROR:  role "legacy_owner" cannot be dropped because some objects depend
> on it

You need to do DROP OWNED as well to get rid of those privileges.
REASSIGN OWNED only changes the ownership of ownable objects.

> I'd still like to see how to list the "privileges for schema
> public",

"\dn+ public" in psql would do that.

			regards, tom lane