> > Difficult to do, when those privileges might be recorded in
> > databases you're not even connected to at the time of the drop.
>
> I believe it would be pretty difficult, but leaving it "just like
> that" creates a security breach (imagine someone dropping a user,
> believing that everything is o.k.), then someone else creates a
> different user but keeping the unused sysid (this might be the case
> with system users and keeping system user-id with database user-id
> the same) - which happens to be "not unused". I'm not sure if I'm
> clear about it.

Wouldn't an ON DELETE trigger on the system catalogs work? I'd think
it would be possible to select the tables and groups that a user had
privs to and iterate through each calling REVOKE.

-sc

--
Sean Chittenden
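
The sysid-reuse problem discussed in this thread, as an added example that is not part of the original messages and is not PostgreSQL code: a toy Python model in which privileges are stored per database and keyed by numeric sysid. The `Cluster` class, the user, database and table names, and sysid 1001 are all constructed for illustration.

```python
# Toy model (constructed): ACL entries keyed by numeric sysid, stored per
# database, as the thread describes. This is not PostgreSQL source code.

class Cluster:
    def __init__(self, databases):
        self.users = {}                               # name -> sysid
        self.acls = {db: {} for db in databases}      # db -> table -> {sysid: privs}

    def create_user(self, name, sysid):
        if sysid in self.users.values():
            raise ValueError(f"sysid {sysid} already in use")
        self.users[name] = sysid

    def grant(self, db, table, name, priv):
        acl = self.acls[db].setdefault(table, {})
        acl.setdefault(self.users[name], set()).add(priv)

    def can(self, db, table, name, priv):
        return priv in self.acls[db].get(table, {}).get(self.users[name], set())

    def drop_user(self, name, revoke_all=False):
        sysid = self.users.pop(name)
        if revoke_all:
            # The reply's idea: walk everything the user had privileges on
            # and revoke. In this model that means every database.
            for tables in self.acls.values():
                for acl in tables.values():
                    acl.pop(sysid, None)

    def orphaned_grants(self):
        """ACL entries whose sysid no longer belongs to any user (audit check)."""
        live = set(self.users.values())
        return sorted((db, t, sid) for db, tables in self.acls.items()
                      for t, acl in tables.items() for sid in acl if sid not in live)

def scenario(revoke_all):
    c = Cluster(["sales", "hr"])
    c.create_user("alice", 1001)
    c.grant("hr", "salaries", "alice", "SELECT")
    c.drop_user("alice", revoke_all=revoke_all)
    orphans = c.orphaned_grants()          # what an audit sees after the drop
    c.create_user("bob", 1001)             # new user reuses the old sysid
    return c.can("hr", "salaries", "bob", "SELECT"), orphans

if __name__ == "__main__":
    print("drop without revoke:", scenario(False))
    print("drop with revoke:   ", scenario(True))
```

The `orphaned_grants` check is the audit a DBA could run after a drop; a non-empty result means a later user created with that sysid would pick up those privileges.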