On 12/15/2014 02:43 AM, Marko Tiikkaja wrote:
This week I had a problem where I wanted to drop only the privileges a certain role had in the system, while keeping all the objects. I couldn't figure out a reasonable way to do that, so I've attached a patch for this to this email. Please consider it for inclusion into 9.5. The syntax is:DROP PRIVILEGES OWNED BY role [, ...] I at some point decided to implement it as a new command instead of changing DropOwnedStmt, and I think that might have been a mistake. It might have made more sense to instead teach DROP OWNED to accept a specification of which things to drop. But the proposal is more important than such details, I think.
DROP seems like the wrong verb here. DROP is used for deleting objects, while REVOKE is used for removing permissions from them. REVOKE already has something similar:
REVOKE ALL PRIVILEGES ON ALL TABLES IN SCHEMA public FROM heikki; Following that style, how about making the syntax: REVOKE ALL PRIVILEGES ON ALL OBJECTS FROM <role> or just: REVOKE ALL PRIVILEGES FROM <role>; - Heikki -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
