Re: DROP PRIVILEGES OWNED BY

On 12/15/2014 02:43 AM, Marko Tiikkaja wrote:
> This week I had a problem where I wanted to drop only the privileges a
> certain role had in the system, while keeping all the objects.  I
> couldn't figure out a reasonable way to do that, so I've attached a
> patch for this to this email.  Please consider it for inclusion into
> 9.5.  The syntax is:
>
>     DROP PRIVILEGES OWNED BY role [, ...]
>
> I at some point decided to implement it as a new command instead of
> changing DropOwnedStmt, and I think that might have been a mistake.  It
> might have made more sense to instead teach DROP OWNED to accept a
> specification of which things to drop.  But the proposal is more
> important than such details, I think.

DROP seems like the wrong verb here. DROP is used for deleting objects, 
while REVOKE is used for removing permissions from them. REVOKE already 
has something similar:

REVOKE ALL PRIVILEGES ON ALL TABLES IN SCHEMA public FROM heikki;

Following that style, how about making the syntax:

REVOKE ALL PRIVILEGES ON ALL OBJECTS FROM <role>

or just:

REVOKE ALL PRIVILEGES FROM <role>;

- Heikki