On Sat, Apr 3, 2010 at 5:27 PM, Tom Lane <t...@sss.pgh.pa.us> wrote: > I wrote: >> Yeah. The problem here is that once you've created an entry in >> pg_default_acl, there is no way to make it go away. > > Actually that's not true: you can get rid of it with DROP OWNED BY. > This fact is even documented in the ALTER DEFAULT PRIVILEGES manual > page: > > If you wish to drop a role that has had its global default > privileges altered, it is necessary to use DROP OWNED BY first, > to get rid of the default privileges entry for the role. >
ah! i obviously didn't read the manual in detail :) > Not sure if this is good enough or we need to provide some more-obvious > way of dealing with it. > it's strange that a REVOKE doesn't clean what a GRANT did, and DROP OWNED BY seems very dangerous (at least if i forgot to make REASSIGN OWNED first). we can let it as it is, but at least we can add a HINT for use DROP OWNED BY having execute REASSIGN OWNED first... or we can make what seems more reasonable, make the REVOKE clean the mess :) if you prefer the second way i can try to prepare a patch -- Atentamente, Jaime Casanova Soporte y capacitación de PostgreSQL Asesoría y desarrollo de sistemas Guayaquil - Ecuador Cel. +59387171157 -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
