On Thursday, February 20, 2025, David G. Johnston <david.g.johns...@gmail.com> wrote:

> On Thursday, February 20, 2025, Dominique Devienne <ddevie...@gmail.com>
> wrote:
>
>> Hi. Today I was surprised that REVOKE ALL ON DATABASE FROM ROLE silently
>> did nothing, even with CASCADE, when I was running it as SUPERUSER,
>> preventing DROP'ing the ROLE. I had to manually SET ROLE to the GRANTOR, do
>> the REVOKE, which DID something this time, and then I could DROP the role.
>>
>> That's hardly convenient :). And I was helping someone else who couldn't
>> figure out how to drop that role. Isn't there a better way?
>>
>> I thought SUPERUSER was more powerful than that. Why isn't it?
>>
>
> This has nothing to do with power/permissions. It is about not specifying
> “granted by” in your SQL command and thus failing to fully and correctly
> specify the single permission you want to revoke.
>

Well, not “single permission” but the ALL only applies to the permission types, not actually everything for all grantors.

David J.
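Added example, not part of the original thread: one way to script the workaround described in the quoted message (find each grantor, SET ROLE to it, run the REVOKE, then drop the role). The role name `old_role` is a hypothetical placeholder, and the script assumes it is run as a superuser.

```sql
-- Added example; "old_role" is a hypothetical role name.

-- 1. Inventory: every database-level privilege held by old_role,
--    together with the role that granted it. pg_database is a shared
--    catalog, so this covers all databases in the cluster.
SELECT d.datname,
       a.grantor::regrole AS grantor,
       a.privilege_type,
       a.is_grantable
FROM pg_database AS d
CROSS JOIN LATERAL aclexplode(d.datacl) AS a
WHERE a.grantee = 'old_role'::regrole::oid
ORDER BY d.datname, grantor, a.privilege_type;

-- 2. Revoke each grant while acting as the role that made it.
DO $$
DECLARE
    r record;
BEGIN
    FOR r IN
        SELECT DISTINCT d.datname,
               a.grantor::regrole::text AS grantor  -- already quoted if needed
        FROM pg_database AS d
        CROSS JOIN LATERAL aclexplode(d.datacl) AS a
        WHERE a.grantee = 'old_role'::regrole::oid
    LOOP
        EXECUTE format('SET ROLE %s', r.grantor);
        EXECUTE format('REVOKE ALL ON DATABASE %I FROM old_role CASCADE',
                       r.datname);
        EXECUTE 'RESET ROLE';
        RAISE NOTICE 'revoked on database % as grantor %',
                     r.datname, r.grantor;
    END LOOP;
END
$$;

-- 3. Re-run the inventory query from step 1; it should return no rows.
--    DROP ROLE can still fail if old_role owns objects or holds
--    privileges on other object types.
DROP ROLE old_role;
```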