Baoding-FenShuaJiang
/
Green_GoodERP18_FSJ_Standard
Прати 1
Волим 0
Вики 捐赠
gooderp18绿色标准版
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Грана: master
Гране Ознаке
${ item.name }
Create branch ${ searchTerm }
from 'master'
${ noResults }
Green_GoodERP18_FSJ_Standard/PostgreSQL/doc/postgresql/html/role-removal.html

54 lines
5.2KB
Датотека Пермалинк Blame Историја 

  1. <?xml version="1.0" encoding="UTF-8" standalone="no"?>

  2. <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title>21.4. Dropping Roles</title><link rel="stylesheet" type="text/css" href="stylesheet.css" /><link rev="made" href="pgsql-docs@lists.postgresql.org" /><meta name="generator" content="DocBook XSL Stylesheets V1.79.1" /><link rel="prev" href="role-membership.html" title="21.3. Role Membership" /><link rel="next" href="default-roles.html" title="21.5. Default Roles" /></head><body><div xmlns="http://www.w3.org/TR/xhtml1/transitional" class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="5" align="center">21.4. Dropping Roles</th></tr><tr><td width="10%" align="left"><a accesskey="p" href="role-membership.html" title="21.3. Role Membership">Prev</a> </td><td width="10%" align="left"><a accesskey="u" href="user-manag.html" title="Chapter 21. Database Roles">Up</a></td><th width="60%" align="center">Chapter 21. Database Roles</th><td width="10%" align="right"><a accesskey="h" href="index.html" title="PostgreSQL 12.4 Documentation">Home</a></td><td width="10%" align="right"> <a accesskey="n" href="default-roles.html" title="21.5. Default Roles">Next</a></td></tr></table><hr></hr></div><div class="sect1" id="ROLE-REMOVAL"><div class="titlepage"><div><div><h2 class="title" style="clear: both">21.4. Dropping Roles</h2></div></div></div><p>

  3.    Because roles can own database objects and can hold privileges

  4.    to access other objects, dropping a role is often not just a matter of a

  5.    quick <a class="xref" href="sql-droprole.html" title="DROP ROLE"><span class="refentrytitle">DROP ROLE</span></a>.  Any objects owned by the role must

  6.    first be dropped or reassigned to other owners; and any permissions

  7.    granted to the role must be revoked.

  8.   </p><p>

  9.    Ownership of objects can be transferred one at a time

  10.    using <code class="command">ALTER</code> commands, for example:

  11. </p><pre class="programlisting">

  12. ALTER TABLE bobs_table OWNER TO alice;

  13. </pre><p>

  14.    Alternatively, the <a class="xref" href="sql-reassign-owned.html" title="REASSIGN OWNED"><span class="refentrytitle">REASSIGN OWNED</span></a> command can be

  15.    used to reassign ownership of all objects owned by the role-to-be-dropped

  16.    to a single other role.  Because <code class="command">REASSIGN OWNED</code> cannot access

  17.    objects in other databases, it is necessary to run it in each database

  18.    that contains objects owned by the role.  (Note that the first

  19.    such <code class="command">REASSIGN OWNED</code> will change the ownership of any

  20.    shared-across-databases objects, that is databases or tablespaces, that

  21.    are owned by the role-to-be-dropped.)

  22.   </p><p>

  23.    Once any valuable objects have been transferred to new owners, any

  24.    remaining objects owned by the role-to-be-dropped can be dropped with

  25.    the <a class="xref" href="sql-drop-owned.html" title="DROP OWNED"><span class="refentrytitle">DROP OWNED</span></a> command.  Again, this command cannot

  26.    access objects in other databases, so it is necessary to run it in each

  27.    database that contains objects owned by the role.  Also, <code class="command">DROP

  28.    OWNED</code> will not drop entire databases or tablespaces, so it is

  29.    necessary to do that manually if the role owns any databases or

  30.    tablespaces that have not been transferred to new owners.

  31.   </p><p>

  32.    <code class="command">DROP OWNED</code> also takes care of removing any privileges granted

  33.    to the target role for objects that do not belong to it.

  34.    Because <code class="command">REASSIGN OWNED</code> does not touch such objects, it's

  35.    typically necessary to run both <code class="command">REASSIGN OWNED</code>

  36.    and <code class="command">DROP OWNED</code> (in that order!) to fully remove the

  37.    dependencies of a role to be dropped.

  38.   </p><p>

  39.    In short then, the most general recipe for removing a role that has been

  40.    used to own objects is:

  41.   </p><pre class="programlisting">

  42. REASSIGN OWNED BY doomed_role TO successor_role;

  43. DROP OWNED BY doomed_role;

  44. -- repeat the above commands in each database of the cluster

  45. DROP ROLE doomed_role;

  46. </pre><p>

  47.    When not all owned objects are to be transferred to the same successor

  48.    owner, it's best to handle the exceptions manually and then perform

  49.    the above steps to mop up.

  50.   </p><p>

  51.    If <code class="command">DROP ROLE</code> is attempted while dependent objects still

  52.    remain, it will issue messages identifying which objects need to be

  53.    reassigned or dropped.

  54.   </p></div><div class="navfooter"><hr /><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="role-membership.html">Prev</a> </td><td width="20%" align="center"><a accesskey="u" href="user-manag.html">Up</a></td><td width="40%" align="right"> <a accesskey="n" href="default-roles.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">21.3. Role Membership </td><td width="20%" align="center"><a accesskey="h" href="index.html">Home</a></td><td width="40%" align="right" valign="top"> 21.5. Default Roles</td></tr></table></div></body></html>
上海开阖软件有限公司 沪ICP备12045867号-1