dangling permission on tables after drop user.

I have a database which started on Pg 7.1, moved to 7.2 via
pg_dump/restore, and ultimately to Pg 7.4 likewise.

While it was in 7.2, I added one user and granted access to various
tables. After the 7.4 migration, that user was no longer needed, so
was removed via "dropuser" command line tool.

Now, when I pg_dump that db using the version 7.4.5 tools, I cannot
restore because there are still grants in there for this phantom user:

REVOKE ALL ON TABLE partners FROM PUBLIC;
GRANT INSERT,SELECT,UPDATE,DELETE ON TABLE partners TO www;
GRANT ALL ON TABLE partners TO "102";

There is no user with ID 102 in the pg_user view. pg_restore complains
about the missing user "102". And no, the user was not "102"; it was
the name of a (former) employee.

My questions are:

1) did I do something wrong in dropping that user?
2) how do I fix this in my system tables?

The gross hack is to pg_restore to an ascii file and delete those GRANT
lines, but the compressed dump is over 2Gb for this database.
Vivek Khera, Ph.D.
+1-301-869-4449 x806
---------------------------(end of broadcast)---------------------------
TIP 3: if posting/reading through Usenet, please send an appropriate
subscribe-nomail command to ma*******@postgresql.org so that your
message can get through to the mailing list cleanly

Nov 23 '05 #1
Vivek Khera wrote:
> there is no user with ID 102 in the pg_user view. pg_restore complains
> about the missing user "102". And no, the user was not "102" it was the
> name of a (former) employee.
>
> The gross hack is to pg_restore to an ascii file and delete those GRANT
> lines, but the compressed dump is over 2Gb for this database.


Am I missing something Vivek, or should the gross hack be "creating a
user with id=102" ?

--
Richard Huxton
Archonet Ltd


Nov 23 '05 #2

On Sep 29, 2004, at 4:55 PM, Richard Huxton wrote:
> Vivek Khera wrote:
>> there is no user with ID 102 in the pg_user view. pg_restore
>> complains about the missing user "102". And no, the user was not
>> "102" it was the name of a (former) employee.
>>
>> The gross hack is to pg_restore to an ascii file and delete those
>> GRANT lines, but the compressed dump is over 2Gb for this database.
>
> Am I missing something Vivek, or should the gross hack be "creating a
> user with id=102" ?

And how exactly does one accomplish this? pg_users is a view so you
can't insert into it.
Vivek Khera, Ph.D.
+1-301-869-4449 x806

Nov 23 '05 #3
On Wed, Sep 29, 2004 at 05:07:38PM -0400, Vivek Khera wrote:
> On Sep 29, 2004, at 4:55 PM, Richard Huxton wrote:
>> Vivek Khera wrote:
>>> there is no user with ID 102 in the pg_user view. pg_restore
>>> complains about the missing user "102". And no, the user was not
>>> "102" it was the name of a (former) employee.
>>>
>>> The gross hack is to pg_restore to an ascii file and delete those
>>> GRANT lines, but the compressed dump is over 2Gb for this database.
>>
>> Am I missing something Vivek, or should the gross hack be "creating a
>> user with id=102" ?
>
> And how exactly does one accomplish this? pg_users is a view so you
> can't insert into it.


CREATE USER ... WITH SYSID 102;

--
Alvaro Herrera (<alvherre[a]dcc.uchile.cl>)
God made Adam, but it was Eve who made him a man.

Nov 23 '05 #4
Vivek Khera <kh***@kcilink.com> writes:
> On Sep 29, 2004, at 4:55 PM, Richard Huxton wrote:
>> Am I missing something Vivek, or should the gross hack be "creating a
>> user with id=102" ?
>
> And how exactly does one accomplish this?


CREATE USER.

regards, tom lane


Nov 23 '05 #5
On Thu, Sep 30, 2004 at 09:32:30AM -0400, Vivek Khera wrote:
> On Sep 29, 2004, at 5:35 PM, Alvaro Herrera wrote:
>>>> Am I missing something Vivek, or should the gross hack be "creating a
>>>> user with id=102" ?
>>>
>>> And how exactly does one accomplish this? pg_users is a view so you
>>> can't insert into it.
>>
>> CREATE USER ... WITH SYSID 102;
>
> Ok. I did that. So now how do I get rid of that user and all the
> grants? DROP USER ends up with the dangling GRANTs still hanging
> about.
>
> Is there no way to drop a user and have the necessary grants disappear?
> How does one drop a user cleanly?


I'm afraid you'll have to ALTER TABLE (or whatever) for each of these ...
I don't think there is a command that would help you do that
automatically. You can cheat by looking at system catalogs for the
acl column (e.g. pg_class.relacl) and using that in a function.

--
Alvaro Herrera (<alvherre[a]dcc.uchile.cl>)
"The meaning of things does not come from the things themselves, but from
the minds that apply them to their daily problems
in search of progress." (Ernesto Hernández-Novich)

Nov 23 '05 #6
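
Added example, not part of the thread and not PostgreSQL project code: one way to apply the catalog approach suggested above is to scan the text of pg_class.relacl for numeric grantees that match no name in pg_user, then generate the CREATE USER ... WITH SYSID / REVOKE / DROP USER sequence for each. The catalog queries in the comments, the `orphan_` placeholder prefix, the sample rows and the use of REVOKE for the per-table step are assumptions, and the parser assumes role names contain no commas or escaped quotes.

```python
# Added example. Inputs are assumed to come from the catalogs, e.g.:
#   SELECT n.nspname, c.relname, c.relacl FROM pg_class c
#     JOIN pg_namespace n ON n.oid = c.relnamespace WHERE c.relacl IS NOT NULL;
#   SELECT usename FROM pg_user;

# Constructed sample rows (schema, table, relacl as text), not from the thread.
SAMPLE_ROWS = [
    ("public", "partners",
     "{postgres=arwdRxt/postgres,www=arwd/postgres,102=arwdRxt/postgres}"),
    ("public", "invoices", '{postgres=arwdRxt/postgres,"group staff=r/postgres"}'),
    ("public", "audit log", "{=r/postgres,102=r/postgres}"),
    ("public", "notes", None),  # NULL relacl: only default privileges
]
SAMPLE_USERS = {"postgres", "www"}


def quote_ident(name):
    """Double-quote an identifier, doubling embedded quotes."""
    return '"' + name.replace('"', '""') + '"'


def orphan_grants(rows, known_users):
    """Map each numeric grantee with no matching user to the tables naming it."""
    orphans = {}
    for schema, table, relacl in rows:
        if not relacl:
            continue
        for item in relacl.strip("{}").split(","):
            grantee = item.strip('"').split("=", 1)[0]
            if grantee == "" or grantee.startswith("group "):
                continue  # PUBLIC or a group entry
            if grantee.isdigit() and grantee not in known_users:
                target = quote_ident(schema) + "." + quote_ident(table)
                orphans.setdefault(int(grantee), []).append(target)
    return orphans


def cleanup_script(orphans, prefix="orphan_"):
    """Emit SQL: recreate each sysid under a placeholder name, revoke, drop."""
    sql = []
    for sysid in sorted(orphans):
        name = quote_ident(prefix + str(sysid))
        sql.append("CREATE USER %s WITH SYSID %d;" % (name, sysid))
        sql.extend("REVOKE ALL ON TABLE %s FROM %s;" % (t, name) for t in orphans[sysid])
        sql.append("DROP USER %s;" % name)
    return sql


if __name__ == "__main__":
    print("\n".join(cleanup_script(orphan_grants(SAMPLE_ROWS, SAMPLE_USERS))))
```

Review the generated statements before running them, and take a fresh pg_dump afterwards to confirm no GRANT lines to numeric user names remain.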
On Thu, Sep 30, 2004 at 10:03:29AM -0400, Alvaro Herrera wrote:
> I'm afraid you'll have to ALTER TABLE (or whatever) for each of these ...
> I don't think there is a command that would help you do that
> automatically. You can cheat by looking at system catalogs for the
> acl column (e.g. pg_class.relacl) and using that in a function.


Andrew Hammond is about to (has?) post some helper code he has for
managing ACLs more easily.

A

--
Andrew Sullivan | aj*@crankycanuck.ca
I remember when computers were frustrating because they *did* exactly what
you told them to. That actually seems sort of quaint now.
--J.D. Baldwin


Nov 23 '05 #7
