How to remove user specific grant and revoke

Andrus <kobruleht2@xxxxxx> · Sat, 3 Jun 2023 10:16:54 +0300



    User groups table is defined as

      
          CREATE TABLE IF NOT EXISTS public.kaspriv

          (

              id serial primary key,

              user character(10) NOT NULL,

              group character(35) NOT NULL

          ...

          )

      
      There are hundreds of users. Earlier time grant and revoke
      commands were executed for every user separately. Later revoke and
      grant commands for public were added:

      
          REVOKE ALL ON TABLE public.kaspriv FROM PUBLIC;

          GRANT SELECT ON TABLE public.kaspriv TO PUBLIC;

      
      pgAdmin SQL tab still shows revoke and grant commands for every
      user also:

      
          REVOKE ALL ON TABLE public.kaspriv FROM PUBLIC;

          REVOKE ALL ON TABLE public.kaspriv FROM someuser;

          REVOKE ALL ON TABLE public.kaspriv FROM someotheruser;

          ...

          GRANT SELECT ON TABLE public.kaspriv TO PUBLIC;

          GRANT SELECT ON TABLE public.kaspriv TO someuser;

          GRANT SELECT ON TABLE public.kaspriv TO someother;

          ...

      
      How to remove those unnecessary user-specific GRANT and REVOKE
      commands to make rights cleaner? pgAdmin does not have delete
      option for those.

      
      Something like

      
          DROP REVOKE ALL ON TABLE public.kaspriv FROM all EXCEPT
      public;

          DROP GRANT SELECT ON TABLE public.kaspriv FROM all EXCEPT
      public;

      
      This will be one-time action. It can be done manually in pgadmin
      or using some script running once.

      
      Using

      
          PostgreSQL 12.2 (Debian 12.2-2.pgdg100+1) on
      x86_64-pc-linux-gnu,

          compiled by gcc (Debian 8.3.0-6) 8.3.0, 64-bit

      
      and latest pgAdmin 7.2

      
      Posted also in
https://stackoverflow.com/questions/76394896/how-to-remove-unnecessary-grant-and-revoke-privileges-from-table

    
    Andrus.