Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1tl8uz-009d9V-8a for pgsql-general@arkaria.postgresql.org; Thu, 20 Feb 2025 15:56:53 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.94.2) (envelope-from ) id 1tl8ux-008qra-Oi for pgsql-general@arkaria.postgresql.org; Thu, 20 Feb 2025 15:56:51 +0000 Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1tl8ux-008qpt-Dc for pgsql-general@lists.postgresql.org; Thu, 20 Feb 2025 15:56:51 +0000 Received: from mail-oi1-x229.google.com ([2607:f8b0:4864:20::229]) by magus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.96) (envelope-from ) id 1tl8uv-001zDF-1y for pgsql-general@lists.postgresql.org; Thu, 20 Feb 2025 15:56:51 +0000 Received: by mail-oi1-x229.google.com with SMTP id 5614622812f47-3f40b12520eso812587b6e.3 for ; Thu, 20 Feb 2025 07:56:49 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1740067008; x=1740671808; darn=lists.postgresql.org; h=cc:to:subject:message-id:date:from:references:in-reply-to :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=BSMiu7XV09wQXu2JZBoXDCa+2ZJXUV3dBjFwqN1MT7c=; b=Lc+7IEYRap+gvHwwn9LNqhfSjY7Mh9KN+hCDIrpiLOZrMB98dGyUQZsCCYN/Q/gQVW 68qL1ADh5tVEaHKOHLWMk5t3x8JUl3IqsmRxuH37axQUQcqCUYB6xa/3HnF3P/iw3W7R xxmrHHVTGljt8w20u7Mon7EYXEAiW3bYaTKw+LWuiE2QIYlPJ1cWbMNfwM/X+VSKte6Z l63Z2lGO3hEoDS3sMvxVa+am2WIf9taRtmHkLWzpH2vnszUfh3Q5ytv4xtBpwkhyNP+7 n1IE1a8colK64kiOSVSDpTs+CasFUeUSDQPH+IMwI4YWUthjlYGDrXkdVHTkPA+GSjkx A+8w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1740067008; x=1740671808; h=cc:to:subject:message-id:date:from:references:in-reply-to :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=BSMiu7XV09wQXu2JZBoXDCa+2ZJXUV3dBjFwqN1MT7c=; b=C6A7Chu9QhrUKPHKFzhoA0GJ1FMPghr514iapHjJD3ZRC+YxjlMu7KfntYcF9apkc/ ED+PO0Tooapnz3hLSRXsNcVCF+bJ8fFICkKXzAJVyNR8UQ7Tdj+qX/IKyd2HJWtB9CVQ t+WbAxfmwRYLi/MMT/IRCcvcH/3Dw9CAaJWGDjVyTkj/wz3xRgyFURU0FpQIMd2HpENE vjpOSy4ongQyddDlGCrH5vCzQ5AkN+Nfjxaa5r5FTgGketdiSU5sV4bSNE3OGDQ7LJaV OUZJINGtqF+sbuFTF1RT/L2Vy3nvAA7HUlEkeCBuSCU/Osl8Si2NrUJwrC6Z171ClP4M injQ== X-Gm-Message-State: AOJu0YzwWuTEI/tGqxQqFBo8W9kFbjuVDzDbJC18yMQe/flU4I5m8u5W NKrWLlpKoOPFFlVegSNzJgCQnRdKh7uwgjn6AbjQ0FGMbwQdh5WJK6DXyWSHqhnkX/HsEfUfGYq iN2XSDRLg+bq/1XwOV8xE26NH19LjHw== X-Gm-Gg: ASbGnctUTJqISn8zR/1kSGkiI9waG5sJY3IPJYjox0ye0PNnw+GpDt8Fg+ERYIi5xOy fLkR7hK1dBn9P2bFUOAljpDkwvIvjtpwy0XS/84M0tOO2HMp91DgtwnbfUh4+cO/YBDe1ZzE= X-Google-Smtp-Source: AGHT+IF0TouuIl3ZdqLIHOH5YUAvNHcjJpUuoXU7yHUGCDeZik9eBV1hsaCJpalhDhqzV1EPtV8YHiJReO6hlF5HzHQ= X-Received: by 2002:a05:6808:199d:b0:3f4:8cd:e930 with SMTP id 5614622812f47-3f40f1d0ac1mr5188432b6e.3.1740067007816; Thu, 20 Feb 2025 07:56:47 -0800 (PST) MIME-Version: 1.0 Received: by 2002:a05:6802:328f:b0:589:13f9:e937 with HTTP; Thu, 20 Feb 2025 07:56:47 -0800 (PST) In-Reply-To: References: From: "David G. Johnston" Date: Thu, 20 Feb 2025 08:56:47 -0700 X-Gm-Features: AWEUYZnr1weEtZwp8lYXzulWmXpl5NstLHnSsik_FNrd1jRvp2OXSD_ZBNnnXbI Message-ID: Subject: Re: DROP ROLE as SUPERUSER To: Dominique Devienne Cc: "pgsql-general@lists.postgresql.org" Content-Type: multipart/alternative; boundary="000000000000e2eeaf062e94eb69" List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk --000000000000e2eeaf062e94eb69 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On Thursday, February 20, 2025, David G. Johnston < david.g.johnston@gmail.com> wrote: > On Thursday, February 20, 2025, Dominique Devienne > wrote: > >> Hi. Today I was surprised that REVOKE ALL ON DATABASE FROM ROLE silently >> did nothing, even with CASCADE, when I was running it as SUPERUSER, >> preventing DROP'ing the ROLE. I had to manually SET ROLE to the GRANTOR,= do >> the REVOKE, which DID something this time, and then I could DROP the rol= e. >> >> That's hardly convenient :). And I was helping someone else who couldn't >> figure out how to drop that role. Isn't there a better way? >> >> I thought SUPERUSER was more powerful that than. Why isn't it? >> > > This has nothing to do with power/permissions. It is about not specifyin= g > =E2=80=9Cgranted by=E2=80=9D in your SQL command and thus failing to full= y and correctly > specify the single permission you want to revoke. > Well, not =E2=80=9Csingle permission=E2=80=9D but the ALL only applies to t= he permission types, not actually everything for all grantors. David J. --000000000000e2eeaf062e94eb69 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On Thursday, February 20, 2025, David G. Johnston <david.g.johnston@gmail.com> wrote:
On Thursday, February 20, 2025, Dominique Devienn= e <ddevienne@gm= ail.com> wrote:
H= i. Today I was surprised that REVOKE ALL ON DATABASE FROM ROLE silently did= nothing, even with CASCADE, when I was running it as SUPERUSER, preventing= DROP'ing the ROLE. I had to manually SET ROLE to the GRANTOR, do the R= EVOKE, which DID something this time, and then I could DROP the role.
<= br>
That's hardly convenient :). And I was helping someone el= se who couldn't figure out how to drop that role. Isn't there a bet= ter way?

I thought SUPERUSER was more powerful tha= t than. Why isn't it?

This = has nothing to do with power/permissions.=C2=A0 It is about not specifying = =E2=80=9Cgranted by=E2=80=9D in your SQL command and thus failing to fully = and correctly specify the single permission you want to revoke.

Well, not =E2=80=9Csingle permission=E2=80=9D bu= t the ALL only applies to the permission types, not actually everything for= all grantors.

David J.=C2=A0
--000000000000e2eeaf062e94eb69--