Обсуждение: Completely replacing an old user

Поиск
Список
Период
Сортировка

Completely replacing an old user

От
Koen De Groote
Дата:
All,

I am trying to set up a new user for a client application, and thus want to remove the old user afterward.

The steps are:

1/ create the new user
2/ give the new user all priviliges on database, table, sequence, function and procedures, just like the old user
3/ deply client application with the new user and credentials
3/ Swap ownership of the databases
4/ Remove privileges from the old user
5/ Drop the old user

But I'm getting stuck on one last error message:


ERROR:  role "X" cannot be dropped because some objects depend on it
DETAIL:  privileges for default privileges on new functions belonging to role postgres in schema public

The "new functions" bit is confusing. I've swapped over all the current functions, but cannot seem to find the appropriate table for privileges on new functions.


What am I missing here?

Regards,
Koen De Groote

Re: Completely replacing an old user

От
Erik Wienhold
Дата:
On 16/09/2023 20:27 CEST Koen De Groote <kdg.dev@gmail.com> wrote:

> I am trying to set up a new user for a client application, and thus want to
> remove the old user afterward.
>
> But I'm getting stuck on one last error message:
>
> ERROR:  role "X" cannot be dropped because some objects depend on it
> DETAIL:  privileges for default privileges on new functions belonging to
> role postgres in schema public

You must also revoke its default privileges before you can drop a role.
That's mentioned in the notes of ALTER DEFAULT PRIVILEGES [1].

> The "new functions" bit is confusing. I've swapped over all the current
> functions, but cannot seem to find the appropriate table for privileges on
> new functions.

psql command \ddp will show you the default privileges.

[1] https://www.postgresql.org/docs/16/sql-alterdefaultprivileges.html#SQL-ALTERDEFAULTPRIVILEGES-NOTES

--
Erik

Re: Completely replacing an old user

От
"David G. Johnston"
Дата:


On Saturday, September 16, 2023, Koen De Groote <kdg.dev@gmail.com> wrote:


ERROR:  role "X" cannot be dropped because some objects depend on it
DETAIL:  privileges for default privileges on new functions belonging to role postgres in schema public

The "new functions" bit is confusing. I've swapped over all the current functions, but cannot seem to find the appropriate table for privileges on new functions.


What am I missing here?

Alter default privileges.

And…


David J.

Re: Completely replacing an old user

От
Pepe TD Vo
Дата:

Sound like this is actually an alias for DROP ROLE.

You have to explicitly drop any privileges associated with that user, also to move its ownership to other roles (or drop the object).
reassign owned by <olduser> to <nnewuser> ;
and then 
drop owned by <olduser>;
The latter will remove any privileges granted to the user.


Bach-Nga

No one in this world is pure and perfect.  If you avoid people for their mistakes you will be alone. So judge less, love, and forgive more.EmojiEmojiEmoji
To call him a dog hardly seems to do him justice though in as much as he had four legs, a tail, and barked, I admit he was, to all outward appearances. But to those who knew him well, he was a perfect gentleman (Hermione Gingold)

**Live simply **Love generously **Care deeply **Speak kindly.
*** Genuinely rich *** Faithful talent *** Sharing success




On Saturday, September 16, 2023 at 02:28:13 PM EDT, Koen De Groote <kdg.dev@gmail.com> wrote:


All,

I am trying to set up a new user for a client application, and thus want to remove the old user afterward.

The steps are:

1/ create the new user
2/ give the new user all priviliges on database, table, sequence, function and procedures, just like the old user
3/ deply client application with the new user and credentials
3/ Swap ownership of the databases
4/ Remove privileges from the old user
5/ Drop the old user

But I'm getting stuck on one last error message:


ERROR:  role "X" cannot be dropped because some objects depend on it
DETAIL:  privileges for default privileges on new functions belonging to role postgres in schema public

The "new functions" bit is confusing. I've swapped over all the current functions, but cannot seem to find the appropriate table for privileges on new functions.


What am I missing here?

Regards,
Koen De Groote

Re: Completely replacing an old user

От
Koen De Groote
Дата:
Right, from reading the responses, it seems my previous efforts ignored the privileges on schema, and I focused only on database and everything dependent on the database object.

With altering default privileges on the schema, my issue is solved.

Thanks to all who contributed.

Regards,
Koen De Groote

On Sat, Sep 16, 2023 at 8:27 PM Koen De Groote <kdg.dev@gmail.com> wrote:
All,

I am trying to set up a new user for a client application, and thus want to remove the old user afterward.

The steps are:

1/ create the new user
2/ give the new user all priviliges on database, table, sequence, function and procedures, just like the old user
3/ deply client application with the new user and credentials
3/ Swap ownership of the databases
4/ Remove privileges from the old user
5/ Drop the old user

But I'm getting stuck on one last error message:


ERROR:  role "X" cannot be dropped because some objects depend on it
DETAIL:  privileges for default privileges on new functions belonging to role postgres in schema public

The "new functions" bit is confusing. I've swapped over all the current functions, but cannot seem to find the appropriate table for privileges on new functions.


What am I missing here?

Regards,
Koen De Groote

Re: Completely replacing an old user

От
M Sarwar
Дата:
Hi Pepe,
You are right. It got dropped after revoking the privileges.
Thank you so much,
Sarwar

From: Pepe TD Vo <pepevo@yahoo.com>
Sent: Saturday, September 16, 2023 6:46 PM
To: pgsql-admin@lists.postgresql.org <pgsql-admin@lists.postgresql.org>; Koen De Groote <kdg.dev@gmail.com>
Subject: Re: Completely replacing an old user
 

Sound like this is actually an alias for DROP ROLE.

You have to explicitly drop any privileges associated with that user, also to move its ownership to other roles (or drop the object).
reassign owned by <olduser> to <nnewuser> ;
and then 
drop owned by <olduser>;
The latter will remove any privileges granted to the user.


Bach-Nga

No one in this world is pure and perfect.  If you avoid people for their mistakes you will be alone. So judge less, love, and forgive more.EmojiEmojiEmoji
To call him a dog hardly seems to do him justice though in as much as he had four legs, a tail, and barked, I admit he was, to all outward appearances. But to those who knew him well, he was a perfect gentleman (Hermione Gingold)

**Live simply **Love generously **Care deeply **Speak kindly.
*** Genuinely rich *** Faithful talent *** Sharing success




On Saturday, September 16, 2023 at 02:28:13 PM EDT, Koen De Groote <kdg.dev@gmail.com> wrote:


All,

I am trying to set up a new user for a client application, and thus want to remove the old user afterward.

The steps are:

1/ create the new user
2/ give the new user all priviliges on database, table, sequence, function and procedures, just like the old user
3/ deply client application with the new user and credentials
3/ Swap ownership of the databases
4/ Remove privileges from the old user
5/ Drop the old user

But I'm getting stuck on one last error message:


ERROR:  role "X" cannot be dropped because some objects depend on it
DETAIL:  privileges for default privileges on new functions belonging to role postgres in schema public

The "new functions" bit is confusing. I've swapped over all the current functions, but cannot seem to find the appropriate table for privileges on new functions.


What am I missing here?

Regards,
Koen De Groote