can't revoke a custom privilege
See original GitHub issueI follow an example from https://ldap2pg.readthedocs.io/en/latest/privileges/#defining-custom-privilege to define a custom privilege:
inspect query for datacl must return a rowset with two columns, the first is unused, the second is the name of grantee.
privileges:
my_grant_all_on_database_privilege:
type: datacl
grant: GRANT ALL ON DATABASE {database} TO {role};
revoke: REVOKE ALL ON DATABASE {database} FROM {role};
inspect: SELECT 1, 'admin';
sync_map:
- grant:
database: mydb
schema: public
privilege: my_grant_all_on_database_privilege
role: admin
The privilege does get granted, but it can’t be revoked. My question is what would be a proper “inspect” definition in this case?
Issue Analytics
- State:
- Created 5 years ago
- Comments:8 (5 by maintainers)
Top Results From Across the Web
I can't revoke execute from function in custom schema
REVOKE ALL ON SCHEMA PUBLIC FROM PUBLIC; ALTER DEFAULT PRIVILEGES ... Revoking the privilege from some other role will have no effect.
Read more >Cannot revoke default privileges from postgresql user
Try to revoke the execute privilege for the role pgsql, as pgsql (a superuser). pgsql@[local]:5432:pgsql:=# ALTER DEFAULT PRIVILEGES FOR ROLE ...
Read more >No privileges could be revoked for "public" warning in RDS ...
When you revoke the CREATE privilege on the public schema for an Amazon RDS PostgreSQL DB instance, you can receive a warning message...
Read more >REVOKE
The REVOKE statement can revoke only privileges and roles that were previously granted directly with a GRANT statement. You cannot use this statement...
Read more >REVOKE statement - IBM
Use the REVOKE statement to cancel access privileges or roles that are held by users, by roles, or by PUBLIC, or to cancel...
Read more >Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start FreeTop Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
Top GitHub Comments
@ankravch oh, yes, you’re right.
schema
is not actually ignore. I must fix that ! Thanks for pointing it.Good ! 😃 I’m listing here what should be done to help other users in you’re situation. Please let me know if something is missing or wrong :
Tasks
Ok, let’s close. @ankravch don’t hesitate to comment #251 if you find the doc is not clear enough. Thanks !