Re: REVOKE ALL

David Legault wrote:
> Hello,
>
> Is there a way to revoke all privileges of a role without actually
> specifying the whole list of items.
>
> Like if a role has privileges on FUNCTIONs, is there a REVOKE all
> FUNCTIONS.

There's no GRANT/REVOKE <perm> ON public.* command format, but there are
plenty of plpgsql functions that do something of the sort.

> Is there a way to check if it has a GRANT in a particular type (CONNECT,
> FUNCTION, TRIGGER) before calling the REVOKE command?

You can wrap it in a function and check the system catalogues or use the
has_xxx_privilege() functions, otherwise no.

> Also, if I do a GRANT CONNECT ON DATABASE X TO Y, will Y be able to connect
> to other databases if I haven't given him permission to do so (what is the
> default value when a role is created since roles are global)?

By default all users can connect to all databases. This is limited by
your pg_hba.conf settings and after that by GRANT CONNECT;

--
   Richard Huxton
   Archonet Ltd