Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1tl8tc-009cz7-JH for pgsql-general@arkaria.postgresql.org; Thu, 20 Feb 2025 15:55:28 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.94.2) (envelope-from ) id 1tl8tb-008nBu-3S for pgsql-general@arkaria.postgresql.org; Thu, 20 Feb 2025 15:55:27 +0000 Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1tl8ta-008n8f-Nu for pgsql-general@lists.postgresql.org; Thu, 20 Feb 2025 15:55:26 +0000 Received: from mail-oi1-x22c.google.com ([2607:f8b0:4864:20::22c]) by magus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.96) (envelope-from ) id 1tl8tY-001zCH-2t for pgsql-general@lists.postgresql.org; Thu, 20 Feb 2025 15:55:26 +0000 Received: by mail-oi1-x22c.google.com with SMTP id 5614622812f47-3f34101f68eso257263b6e.0 for ; Thu, 20 Feb 2025 07:55:24 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1740066923; x=1740671723; darn=lists.postgresql.org; h=cc:to:subject:message-id:date:from:references:in-reply-to :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=Cau8JZP3wv8QDXN1fy500kYiESFd0BMAsPL6pYI9Gk0=; b=PodbrCUSCP7tHb9QZ00GwU3zo+vbUdKDQ65XjTZGOZ92glf5U/poOzDm3i+nkOJEHS +epn/DtF9Dui1sm2Dlwdb5qU/40W6McBMBIcKsGe3X/TYaxwpuD+P+6yGy1jKSSin5Lr UzxR+8LQAGP3iFtxr7/Ewxgl2R6SlrWpjpCMwePBoj8O4QU4f9LwBVSjs+dINj8Nq6D0 p2gYgPolmJTaZsmliJUkJKp6ch+GDfEFBsj+wRlm4T0dBYij8/p1ysVPlpRK3Si3EzqX G0g1RWmeT6GT5VZAzlm9shv0Dput1sV/XrWxjLUrZ3e7Zk6ylzKpfwtFX9o+2b75k/cb 7xIw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1740066923; x=1740671723; h=cc:to:subject:message-id:date:from:references:in-reply-to :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=Cau8JZP3wv8QDXN1fy500kYiESFd0BMAsPL6pYI9Gk0=; b=tb5idgrx/Kz32gXdO58H46/Q1bEg525coQBbidB8WCJQthxbNfEdP47vRM294C0qN0 0JOiYtQyzNrceY4euSY4BwqWWjLPRKgA0V08dU9RDtIbKXpG4+nbNtXoiZdoOuNOBwDu AQDNErOzwGz5dRazdOrCVMjnHkE8g3GtFI8m+IYn5YBuzQONRKyWQpGa62oFTDHXHrJ7 x3MzWru/CfruZ113tfeqNj8rOuzLaRpWXPGTeciY/fOpOzYe31ZCgLKVOXs0LFBE3Vi4 TA1LHiDlkO7aicSFDsUPEcgLVOPXzYzM0oz+kbENudNqr05R0TQUuUaXVY3q5FZsHP+w /i3Q== X-Gm-Message-State: AOJu0Yw/jn1XAJyzmrpbcWkYN4BxtlRQ+CWHptIVPAyonbcI5e9bA1A+ 9l4CTKCoDUy7nf/RI4wivcDefVI6sbU1lGxS0Q3quTq5MoyBOyfqSvXsXxViWX7+rNadswFwx1p qZCcYaVUF2VoAVeu0/rJGUQ/H/LM= X-Gm-Gg: ASbGncsAIi2TNIOplKQJd9I3ei605ZyWxDpAHwhPyG7NYkIiu0auBZhD9YlLCFF3Mcm 62OGeOAB4AMeWfJ+tSVHYr+B0nMmO+XuN90WQDMEQP7WOkPGb7+Yoh4OGooF1cSQ1G9WiYW8= X-Google-Smtp-Source: AGHT+IFxsyVgNELpgcv9uu2ypcrpqPGvg1rr46C587pYj1YEAbcGY/PeHNlCtdteddjZtA7CW+ibA8DLUkPTfy0/VJ8= X-Received: by 2002:a05:6808:640f:b0:3f4:e63:7ecb with SMTP id 5614622812f47-3f40e637f3emr5992097b6e.14.1740066923030; Thu, 20 Feb 2025 07:55:23 -0800 (PST) MIME-Version: 1.0 Received: by 2002:a05:6802:328f:b0:589:13f9:e937 with HTTP; Thu, 20 Feb 2025 07:55:21 -0800 (PST) In-Reply-To: References: From: "David G. Johnston" Date: Thu, 20 Feb 2025 08:55:21 -0700 X-Gm-Features: AWEUYZl64mypUXb_NXrHw05MgB28KVXcM6CCrRCahzXVbIFKEFAqmIEwcojNLAw Message-ID: Subject: Re: DROP ROLE as SUPERUSER To: Dominique Devienne Cc: "pgsql-general@lists.postgresql.org" Content-Type: multipart/alternative; boundary="000000000000d5304d062e94e66d" List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk --000000000000d5304d062e94e66d Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On Thursday, February 20, 2025, Dominique Devienne wrote: > Hi. Today I was surprised that REVOKE ALL ON DATABASE FROM ROLE silently > did nothing, even with CASCADE, when I was running it as SUPERUSER, > preventing DROP'ing the ROLE. I had to manually SET ROLE to the GRANTOR, = do > the REVOKE, which DID something this time, and then I could DROP the role= . > > That's hardly convenient :). And I was helping someone else who couldn't > figure out how to drop that role. Isn't there a better way? > > I thought SUPERUSER was more powerful that than. Why isn't it? > This has nothing to do with power/permissions. It is about not specifying =E2=80=9Cgranted by=E2=80=9D in your SQL command and thus failing to fully = and correctly specify the single permission you want to revoke. David J. --000000000000d5304d062e94e66d Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On Thursday, February 20, 2025, Dominique Devienne <ddevienne@gmail.com> wrote:
Hi. Today I was surprised that REVOKE ALL ON= DATABASE FROM ROLE silently did nothing, even with CASCADE, when I was run= ning it as SUPERUSER, preventing DROP'ing the ROLE. I had to manually S= ET ROLE to the GRANTOR, do the REVOKE, which DID something this time, and t= hen I could DROP the role.

That's hardly convenient = :). And I was helping someone else who couldn't figure out how to drop = that role. Isn't there a better way?

I thought= SUPERUSER was more powerful that than. Why isn't it?

This has nothing to do with power/permissions.= =C2=A0 It is about not specifying =E2=80=9Cgranted by=E2=80=9D in your SQL = command and thus failing to fully and correctly specify the single permissi= on you want to revoke.

David J.

--000000000000d5304d062e94e66d--