patternsqlMajor
Find objects linked to a PostgreSQL role
Viewed 0 times
postgresqlobjectsrolefindlinked
Problem
Some times ago I created a PostgreSQL user named user1 (PostgreSQL 9.4.9).
I want to drop this user. So I first revoke all permissions on tables, sequences, functions, default privileges and ownership too:
However it seems that one object remains linked to this user in 2 databases:
It even seems to be a function:
But I can not determine which object is owned or related to user1.
If I
How can I identify the missing object?
I have executed the commands in each database (db1 and db2). I do not want to drop objects owned by
I want to drop this user. So I first revoke all permissions on tables, sequences, functions, default privileges and ownership too:
ALTER DEFAULT PRIVILEGES IN SCHEMA public REVOKE ALL ON SEQUENCES FROM user1;
ALTER DEFAULT PRIVILEGES IN SCHEMA public REVOKE ALL ON TABLES FROM user1;
ALTER DEFAULT PRIVILEGES IN SCHEMA public REVOKE ALL ON FUNCTIONS FROM user1;
REVOKE ALL ON ALL SEQUENCES IN SCHEMA public FROM user1;
REVOKE ALL ON ALL TABLES IN SCHEMA public FROM user1;
REVOKE ALL ON ALL FUNCTIONS IN SCHEMA public FROM user1;
REASSIGN OWNED BY user1 TO postgres;However it seems that one object remains linked to this user in 2 databases:
postgres=# DROP ROLE user1;
ERROR: role "user1" cannot be dropped because some objects depend on it
DETAIL: 1 object in database db1
1 object in database db2It even seems to be a function:
postgres=# \c db1
You are now connected to database "db1" as user "postgres".
db1=# DROP ROLE user1;
ERROR: role "user1" cannot be dropped because some objects depend on it
DETAIL: privileges for function text(boolean)
1 object in database db2But I can not determine which object is owned or related to user1.
If I
pg_dump -s db1 | grep user1 I get no result! Could it be a global object?How can I identify the missing object?
I have executed the commands in each database (db1 and db2). I do not want to drop objects owned by
user1, just want to reassign or remove grants for this user.Solution
Answer to question asked
To look for the function in the error message and its owner:
Related:
Actual problem
The error message says:
DETAIL: privileges for function text(boolean)
It's not about ownership but about privileges.
The manual for
Before dropping the role, you must drop all the objects it owns (or
reassign their ownership) and revoke any privileges the role has been
granted on other objects.
And for
If you wish to drop a role for which the default privileges have been
altered, it is necessary to reverse the changes in its default
privileges or use
entry for the role.
It also looks like you only executed
Because
databases, it is usually necessary to execute this command in each
database that contains objects owned by a role that is to be removed.
Bold emphasis mine.
And you restricted your commands with
Simple solution with
All the role's objects changed ownership to
owned by one of the specified roles. Any privileges granted to the
given roles on objects in the current database and on shared objects
(databases, tablespaces) will also be revoked.
Repeat in all relevant DBs, then you can move in for the kill:
To look for the function in the error message and its owner:
SELECT oid::regprocedure AS function
, pg_get_userbyid(proowner) AS owner
FROM pg_proc
WHERE oid = 'text(boolean)'::regprocedure;Related:
- DROP FUNCTION without knowing the number/type of parameters?
Actual problem
The error message says:
DETAIL: privileges for function text(boolean)
It's not about ownership but about privileges.
The manual for
DROP ROLE:Before dropping the role, you must drop all the objects it owns (or
reassign their ownership) and revoke any privileges the role has been
granted on other objects.
And for
ALTER DEFAULT PRIVILEGES:If you wish to drop a role for which the default privileges have been
altered, it is necessary to reverse the changes in its default
privileges or use
DROP OWNED BY to get rid of the default privilegesentry for the role.
It also looks like you only executed
REASSIGN OWNED in one DB, but the manual instructs: Because
REASSIGN OWNED does not affect objects within otherdatabases, it is usually necessary to execute this command in each
database that contains objects owned by a role that is to be removed.
Bold emphasis mine.
And you restricted your commands with
IN SCHEMA public. Drop that clause to target the whole DB. But don't bother, there is a ...Simple solution with
DROP OWNEDREASSIGN OWNED BY user1 TO postgres;
DROP OWNED BY user1;All the role's objects changed ownership to
postgres with the first command and are safe now. The wording of DROP OWNED is a bit misleading, since it also gets rid of all privileges and default privileges. The manual for DROP OWNED:DROP OWNED drops all the objects within the current database that areowned by one of the specified roles. Any privileges granted to the
given roles on objects in the current database and on shared objects
(databases, tablespaces) will also be revoked.
Repeat in all relevant DBs, then you can move in for the kill:
DROP ROLE user1;Code Snippets
SELECT oid::regprocedure AS function
, pg_get_userbyid(proowner) AS owner
FROM pg_proc
WHERE oid = 'text(boolean)'::regprocedure;REASSIGN OWNED BY user1 TO postgres;
DROP OWNED BY user1;DROP ROLE user1;Context
StackExchange Database Administrators Q#155332, answer score: 21
Revisions (0)
No revisions yet.