- DROP ROLE removes the specified role(s). To drop a superuser role, you must be a superuser yourself; to drop non-superuser roles, you must have CREATEROLE privilege.
- A role cannot be removed if it is still referenced in any database of the cluster; an error will be raised if so. Before dropping the role, you must drop all the objects it owns (or reassign their ownership) and revoke any privileges the role has been granted on other objects.
- dropuser removes an existing PostgreSQL user and the databases which that user owned. Only superusers (users with usesuper set in the pg_shadow table) can destroy PostgreSQL users
DROP ROLE [ IF EXISTS ] name [, ...]
Parameters
|
EXPLANATION
|
IF EXISTS
|
Do not throw an error if the role does not exist. A notice is issued in this case.
|
name
|
The name of the role to remove.
|
Examples:
--Here we are dropping simple u7 user that user have not any objects so you can drop that role simple drop user command
postgres=# \du
List of roles
Role name | Attributes | Member of
-----------+------------------------------------------------+-----------
nijam | | {}
postgres | Superuser, Create role, Create DB, Replication | {}
rep | Replication +| {}
| 1 connection |
u1 | | {}
u2 | | {}
u3 | Password valid until 2017-06-06 00:00:00-04 | {}
u4 | Create DB | {}
u5 | | {}
u6 | | {}
u7 | | {}
u8 | Superuser, Create role, Create DB | {}
postgres=# drop role u7; DROP ROLE
postgres=# \du
List of roles
Role name | Attributes | Member of
-----------+------------------------------------------------+-----------
nijam | | {}
postgres | Superuser, Create role, Create DB, Replication | {}
rep | Replication +| {}
| 1 connection |
u1 | | {}
u2 | | {}
u3 | Password valid until 2017-06-06 00:00:00-04 | {}
u4 | Create DB | {}
u5 | | {}
u6 | | {}
u8 | Superuser, Create role, Create DB | {}
--drop the user from non superuser
postgres=> \du
List of roles
Role name | Attributes | Member of
-----------+------------------------------------------------+-----------
nijam | | {}
postgres | Superuser, Create role, Create DB, Replication | {}
rep | Replication +| {}
| 1 connection |
u1 | | {}
u2 | | {}
u3 | Password valid until 2017-06-06 00:00:00-04 | {}
u4 | Create DB | {}
u5 | | {}
u6 | | {}
u8 | Superuser, Create role, Create DB | {}
postgres=> \conninfo
You are connected to database "postgres" as user "u2" via socket in "/tmp" at port "5432".
postgres=> drop user u4;
ERROR: permission denied to drop role
--connect as u4 user this user having createdb privileges
-bash-3.2# ./psql -U u4
Password for user u4:
postgres=> drop user u1;
ERROR: permission denied to drop role
Note:you cannot drop user without superuser privileges
--Now connect as u8 user this user having superuser privileges so this user can drop any user
-bash-3.2# ./psql -U u8
Password for user u8:
psql.bin (9.3.14)
Type "help" for help.
No entry for terminal type "xterm";
using dumb terminal settings.
postgres=# drop user u5;
DROP ROLE
postgres=# drop user u4;
DROP ROLE
postgres=# \du
List of roles
Role name | Attributes | Member of
-----------+------------------------------------------------+-----------
nijam | | {}
postgres | Superuser, Create role, Create DB, Replication | {}
rep | Replication +| {}
| 1 connection |
u1 | | {}
u2 | | {}
u3 | Password valid until 2017-06-06 00:00:00-04 | {}
u6 | | {}
u8 | Superuser, Create role, Create DB | {}
--Even superuser(u8) can drop any supser user(u1)
postgres=# alter user u1 superuser;
ALTER ROLE
postgres=# \du
List of roles
Role name | Attributes | Member of
-----------+------------------------------------------------+-----------
nijam | | {}
postgres | Superuser, Create role, Create DB, Replication | {}
rep | Replication +| {}
| 1 connection |
u1 | Superuser | {}
u2 | | {}
u3 | Password valid until 2017-06-06 00:00:00-04 | {}
u6 | | {}
u8 | Superuser, Create role, Create DB | {}
postgres=# drop user u1;
DROP ROLE
postgres=# \du
List of roles
Role name | Attributes | Member of
-----------+------------------------------------------------+-----------
nijam | | {}
postgres | Superuser, Create role, Create DB, Replication | {}
rep | Replication +| {}
| 1 connection |
u2 | | {}
u3 | Password valid until 2017-06-06 00:00:00-04 | {}
u6 | | {}
u8 | Superuser, Create role, Create DB | {}
---if user having any objects means if u2 user having any owned tables means you cannot drop that user specifying simple drop command you need to specify OWNED BY keywords
-bash-3.2# ./psql -U u2
Password for user u2:
psql.bin (9.3.14)
Type "help" for help.
No entry for terminal type "xterm";
using dumb terminal settings.
postgres=> create table t2 as select * from pg_user;
SELECT 7
--connect as superuser u8 and drop u2 user it throw error
-bash-3.2# ./psql -U u8
Password for user u8:
psql.bin (9.3.14)
Type "help" for help.
No entry for terminal type "xterm";
using dumb terminal settings.
postgres=# drop user u2;
ERROR: role "u2" cannot be dropped because some objects depend on it
DETAIL: owner of table t2
solution:
YOU CAN GIVE SOLUTION TWO WAYS THEY ARE
1.REASSIGN OWNED--user can deleted easily without affectd any own objects
2.OWNED BY -- Here two option os there one is restrict another is cascade.
1.REASSIGN OWNED METHOD
postgres=# \dt
List of relations
Schema | Name | Type | Owner
--------+------+-------+----------
public | t1 | table | postgres
public | t2 | table | u2
(2 rows)
postgres=# \du
List of roles
Role name | Attributes | Member of
-----------+------------------------------------------------+-----------
nijam | | {}
postgres | Superuser, Create role, Create DB, Replication | {}
rep | Replication +| {}
| 1 connection |
u2 | | {}
u3 | Password valid until 2017-06-06 00:00:00-04 | {}
u6 | | {}
u8 | Superuser, Create role, Create DB | {}
postgres=# REASSIGN OWNED BY u2 to u6;
REASSIGN OWNED
postgres=# drop user u2;
DROP ROLE
postgres=# \dt
List of relations
Schema | Name | Type | Owner
--------+------+-------+----------
public | t1 | table | postgres
public | t2 | table | u6
(2 rows)
2.OWNED BY METHD
syntax:
DROP OWNED BY name [, ...] [ CASCADE | RESTRICT ]
HERE IS TWO TYPE
1.RESTRICT
2.CASCADE
--connect as u9 user and create some objects postgres=# create user u9 with password 'u9'; CREATE ROLE -bash-3.2# ./psql -U u9 Password for user u9: psql.bin (9.3.14) Type "help" for help. No entry for terminal type "xterm"; using dumb terminal settings. postgres=> create table t5 as select * from pg_user; SELECT 7 --connect as super user and delete u9 user -bash-3.2# ./psql -U u8 Password for user u8: psql.bin (9.3.14) Type "help" for help. No entry for terminal type "xterm"; using dumb terminal settings. postgres=# drop user u9; ERROR: role "u9" cannot be dropped because some objects depend on it DETAIL: owner of table t5
Solution:
1.RESTRICT METHOD--DROP ONLY OWNERS OBJECTS NOT USER:
Refuse to drop the objects owned by a role if any other database objects depend on one of the affected objects. This is the default.
postgres=# \dt
List of relations
Schema | Name | Type | Owner
--------+------+-------+----------
public | t1 | table | postgres
public | t2 | table | u6
public | t5 | table | u9
(3 rows)
postgres=# drop owned by u9 restrict;
DROP OWNED
postgres=# \dt
List of relations
Schema | Name | Type | Owner
--------+------+-------+----------
public | t1 | table | postgres
public | t2 | table | u6
(2 rows)
postgres=# \du
List of roles
Role name | Attributes | Member of
-----------+------------------------------------------------+-----------
nijam | | {}
postgres | Superuser, Create role, Create DB, Replication | {}
rep | Replication +| {}
| 1 connection |
u3 | Password valid until 2017-06-06 00:00:00-04 | {}
u6 | | {}
u8 | Superuser, Create role, Create DB | {}
u9 | | {}
2.CASCADE METHOD--DROP ONLY OWNERS OBJECTS NOT USER:
Automatically drop objects that depend on the affected objects
-bash-3.2# ./psql -U u9
Password for user u9:
psql.bin (9.3.14)
Type "help" for help.
No entry for terminal type "xterm";
using dumb terminal settings.
postgres=> create table t7 as select * from pg_user;
SELECT 7
postgres=> \q
-bash-3.2# ./psql -U u8
Password for user u8:
psql.bin (9.3.14)
Type "help" for help.
No entry for terminal type "xterm";
using dumb terminal settings.
postgres=# \dt
List of relations
Schema | Name | Type | Owner
--------+------+-------+----------
public | t1 | table | postgres
public | t2 | table | u6
public | t7 | table | u9
(3 rows)
postgres=# drop owned by u9 cascade;
DROP OWNED
postgres=# \dt
List of relations
Schema | Name | Type | Owner
--------+------+-------+----------
public | t1 | table | postgres
public | t2 | table | u6
(2 rows)
postgres=# \du
List of roles
Role name | Attributes | Member of
-----------+------------------------------------------------+-----------
nijam | | {}
postgres | Superuser, Create role, Create DB, Replication | {}
rep | Replication +| {}
| 1 connection |
u3 | Password valid until 2017-06-06 00:00:00-04 | {}
u6 | | {}
u8 | Superuser, Create role, Create DB | {}
u9 | | {}
postgres=# drop user u9;
DROP ROLE
Another Example For DROP OWNED
For restrict option
--CONNECT AS SUPERUSER AND CREATE DB2 DATABASE -bash-3.2# ./psql -U u8 Password for user u8: psql.bin (9.3.14) Type "help" for help. No entry for terminal type "xterm"; using dumb terminal settings. postgres=# create database db2; CREATE DATABASE --CONNECT AS NORMAL U9 USER AT DB2 DATABASE AND CREATE SOME OBJECTS -bash-3.2# ./psql -U u9 -d db2 Password for user u9: psql.bin (9.3.14) Type "help" for help. No entry for terminal type "xterm"; using dumb terminal settings. db2=> create table t8 as select * from pg_user; SELECT 7 --CONNECT SUPER USER DATABASE AS U8 USER AND ISSUE THE COMMAND "DROP OWN RESTRICT" THIS COMMAND CANNOT DROP THE OTHER DATABASE OBJECTS -bash-3.2# ./psql -U u8 -d postgres Password for user u8: psql.bin (9.3.14) Type "help" for help. No entry for terminal type "xterm"; using dumb terminal settings. postgres=# postgres=# drop owned by u9 restrict; DROP OWNED --CONNECT THE DB2 DATABASE AS U9 USER AND CHECK THE "T8" TABLE -bash-3.2# ./psql -U u9 -d db2 Password for user u9: psql.bin (9.3.14) Type "help" for help. No entry for terminal type "xterm"; using dumb terminal settings. db2=> \dt List of relations Schema | Name | Type | Owner --------+------+-------+------- public | t8 | table | u9 (1 row) -bash-3.2# ./psql -U u8 -d postgres Password for user u8: psql.bin (9.3.14) Type "help" for help. No entry for terminal type "xterm"; using dumb terminal settings. postgres=#
For cascade option
--CONNECT THE POSTGRES DATABSE AND ISSUE THE CASCADE OPTION
-bash-3.2# ./psql -U u8 -d postgres
Password for user u8:
psql.bin (9.3.14)
Type "help" for help.
No entry for terminal type "xterm";
using dumb terminal settings.
postgres=# drop owned by u9 cascade;
DROP OWNED
--CONNECT THE DB2 DATABASE AS U9 USER AND CHECK THE "T8" TABLE
-bash-3.2# ./psql -U u9 -d db2
Password for user u9:
psql.bin (9.3.14)
Type "help" for help.
No entry for terminal type "xterm";
using dumb terminal settings.
db2=> \dt
List of relations
Schema | Name | Type | Owner
--------+------+-------+-------
public | t8 | table | u9
(1 row)
No comments:
Post a Comment