David Johnston wrote: > Wojciechowski, Robert (GE Transportation) wrote > > [...] there is a database that shows this connect grant to a user that was > > known as foo1_userA (oid 3562339547): 3562339547=c/postgres > > The main user dependent situation is having said user OWNER on a database > object. Simply giving a user connect privileges on a database does not make > the database dependent upon said user and so removing said user remains > possible. Dropping a user which is either a database owner or has been granted CONNECT privileges is supposed to be disallowed: alvherre=# create user f; CREATE ROLE alvherre=# create database f owner f; CREATE DATABASE alvherre=# drop role f; ERROR: role "f" cannot be dropped because some objects depend on it DETALLE: owner of database f alvherre=# create role g; CREATE ROLE alvherre=# grant connect on database f to g; GRANT alvherre=# drop role g; ERROR: role "g" cannot be dropped because some objects depend on it DETALLE: privileges for database f We're supposed to have sufficient locking so that concurrent transactions don't see problems either (one xact drops the user while the other creates the database), but maybe there are bugs somewhere. -- Álvaro Herrera http://www.2ndQuadrant.com/ PostgreSQL Development, 24x7 Support, Training & Services -- Sent via pgsql-admin mailing list (pgsql-admin@xxxxxxxxxxxxxx) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-admin
