具有默认特权的PostgreSQL放置角色

时间:2019-01-07 14:19:23

标签: postgresql roles ddl database-permissions

我正尝试放弃一个角色,并切断了与该角色的所有联系,但是我无法解决一个挥之不去的问题。当我运行此命令时:

drop role hank

它告诉我:

ERROR:  role "hank" cannot be dropped because some objects depend on it
DETAIL:  privileges for default privileges on new functions belonging to role brandon in schema alteryx
privileges for default privileges on new relations belonging to role brandon in schema alteryx

此DDL存在于架构中:

ALTER DEFAULT PRIVILEGES IN SCHEMA alteryx
GRANT INSERT, SELECT, UPDATE, DELETE, TRUNCATE, REFERENCES, TRIGGER ON TABLES
TO hank;

ALTER DEFAULT PRIVILEGES IN SCHEMA alteryx
GRANT EXECUTE ON FUNCTIONS TO hank;

当我在它们上执行revoke时,命令成功执行,但特权保持不变。

我已经搜索了DDL,并且不尝试级联就找不到解决该问题的方法。

欢迎任何指导。

1 个答案:

答案 0 :(得分:3)

您必须运行以下两条语句来摆脱阻止您的默认特权:

ALTER DEFAULT PRIVILEGES FOR ROLE brandon IN SCHEMA alteryx
   REVOKE ALL ON TABLES FROM hank;
ALTER DEFAULT PRIVILEGES FOR ROLE brandon IN SCHEMA alteryx
   REVOKE ALL ON FUNCTIONS FROM hank;