11

How do I drop a role member? My role name tester is member of role postgres (which I do not want). How do I remove this membership?

 Role name | Attributes | Member of 
-----------+------------------------------------------------+------------
 tester | | {postgres}
 postgres | Superuser, Create role, Create DB, Replication | {}
user353gre3
1,4471 gold badge13 silver badges20 bronze badges
asked Oct 17, 2014 at 15:36

2 Answers 2

15

With REVOKE e.g.:

REVOKE postgres FROM tester;
answered Oct 17, 2014 at 16:11
-3

Check the existence of a member role in another role.

SELECT r.rolname as username, r1.rolname as "role", roleid, member
FROM pg_catalog.pg_roles r JOIN pg_catalog.pg_auth_members m
ON (m.member = r.oid)
JOIN pg_roles r1 ON (m.roleid=r1.oid)
WHERE r.rolname = 'tester' AND r1.rolname = 'postgres';

Solution

REVOKE postgres FROM tester;
-- Or also
REVOKE "postgres" FROM "tester";

Notice that 'postgres' and 'tester' does not work.

WARNING:

Hack in the internals is extremely bad advice

But in case the code helps you to do something else that does not have a native implementation.

DELETE FROM pg_auth_members WHERE
member = (SELECT member
 FROM pg_catalog.pg_roles r JOIN pg_catalog.pg_auth_members m
 ON (m.member = r.oid)
 JOIN pg_roles r1 ON (m.roleid=r1.oid)
 WHERE r.rolname = 'tester' AND r1.rolname = 'postgres') AND
roleid = (SELECT roleid
 FROM pg_catalog.pg_roles r JOIN pg_catalog.pg_auth_members m
 ON (m.member = r.oid)
 JOIN pg_roles r1 ON (m.roleid=r1.oid)
 WHERE r.rolname = 'tester' AND r1.rolname = 'postgres');

GL

Source

answered Nov 7, 2020 at 5:42
5
  • 3
    Why write code to hack in the internals when a simple revoke will do? This is extremely bad advice. Commented Nov 7, 2020 at 7:51
  • REVOKE DOES NOT WORK !!! And if I want to do it at a low level, what is your problem? Also, if Postgres allows editing for a reason, that decision precedes your opinions. And if only to get the members I have to access that way as in this answer [dba.stackexchange.com/a/136869/154867], that remains for the edit. Commented Nov 7, 2020 at 16:41
  • Did you remember to commit after revoke? Commented Nov 7, 2020 at 16:42
  • I found the problem, I was using 'postgres' instead of postgres or "postgres" which do work. Sorry. I will proceed to edit the answer. Commented Nov 7, 2020 at 16:48
  • Updated answer with suggested. Commented Nov 7, 2020 at 17:08

Your Answer

Draft saved
Draft discarded

Sign up or log in

Sign up using Google
Sign up using Email and Password

Post as a guest

Required, but never shown

Post as a guest

Required, but never shown

By clicking "Post Your Answer", you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.