Learn with Yasir

Share Your Feedback

DROP ROLE in PostgreSQL | Delete Users & Safely Remove Roles


Learn how to use DROP ROLE command to remove users and roles in PostgreSQL. Includes ownership rules, REASSIGN OWNED BY syntax, and safe role deletion methods.

In PostgreSQL, DROP ROLE is used to remove (delete) a role/user from the system.

πŸ”Ή What is DROP ROLE?

πŸ‘‰ It is a command used to:

  • Delete a role (user or group)
  • Remove its access to the database system

πŸ”Ή Why Do We Use DROP ROLE?

βœ… 1. Remove Unused Users

  • When a user leaves (e.g., student graduates, employee resigns)

βœ… 2. Improve Security

  • Remove unnecessary accounts to prevent misuse

βœ… 3. Clean Database System

  • Keep roles organized and manageable

πŸ”Ή Basic Syntax

DROP ROLE role_name;

πŸ”Ή Simple Example (Beginner)

Step 1: Create a Role

CREATE ROLE test_user WITH LOGIN PASSWORD '123';

Step 2: Drop the Role

DROP ROLE test_user;

βœ”οΈ The role is now removed from PostgreSQL

⚠️ Important Rules (Very Important)

You CANNOT drop a role if it:

❌ 1. Owns a database

Example:

ALTER DATABASE dvdrental OWNER TO test_user;

Then:

DROP ROLE test_user;  -- ❌ ERROR

❌ 2. Owns tables or objects

❌ 3. Has active connections

πŸ”Ή How to Safely Drop a Role

Step 1: Reassign ownership

REASSIGN OWNED BY test_user TO postgres;

Step 2: Remove permissions

DROP OWNED BY test_user;

Step 3: Drop role

DROP ROLE test_user;

πŸ”Ή Example with dvdrental

-- Create role
CREATE ROLE trainee WITH LOGIN PASSWORD '123';

-- Give access
GRANT CONNECT ON DATABASE dvdrental TO trainee;

-- Remove role safely
REASSIGN OWNED BY trainee TO postgres;
DROP OWNED BY trainee;
DROP ROLE trainee;

🧠 Key Concept

πŸ‘‰ A role cannot be deleted if it is still linked to database objects

πŸ§‘β€πŸ« Teaching Tip

Ask students: πŸ‘‰ β€œWhy did DROP ROLE fail?”

This helps them understand:

  • Ownership
  • Dependencies
  • Security concepts

πŸš€ Bonus (Check Roles Before Deleting)

SELECT rolname FROM pg_roles;

πŸ§ͺ Lab: Understanding DROP ROLE in PostgreSQL

🎯 Learning Objectives

Students will learn:

  • How to safely delete roles
  • Why DROP ROLE may fail
  • How to resolve dependency errors
  • Difference between ownership and permissions

πŸ”Ή Scenario

You are managing a system where temporary users (trainees, interns, students) must be removed after use.

πŸ”Ή Step 1: Create a Test Role

CREATE ROLE trainee WITH LOGIN PASSWORD '123';

Verify:

SELECT rolname FROM pg_roles;

πŸ”Ή Step 2: Drop the Role (Basic Case)

```sql id=”mqy8mx” DROP ROLE trainee;


βœ”οΈ Works because:

* No ownership
* No permissions
* No dependencies

---

### πŸ”Ή Step 3: Create Role Again

```sql
CREATE ROLE trainee WITH LOGIN PASSWORD '123';

πŸ”Ή Step 4: Assign Permissions (dvdrental)

GRANT CONNECT ON DATABASE dvdrental TO trainee;

Try dropping:

```sql id=”yxczgi” DROP ROLE trainee;


πŸ‘‰ ❓ Ask students:

* Does it work or fail?

βœ”οΈ Usually it **fails** due to dependencies

---

# πŸ”Ή Step 5: Fix the Error

```sql
DROP OWNED BY trainee;
DROP ROLE trainee;

πŸ”₯ Critical Learning Section

πŸ”Ή Step 6: Ownership Problem (Very Important)

Create role again:

CREATE ROLE trainee WITH LOGIN PASSWORD '123';

Assign ownership:

ALTER DATABASE dvdrental OWNER TO trainee;

Now try:

DROP ROLE trainee;

❌ This will FAIL

🧠 Why It Fails?

πŸ‘‰ Because:

  • Role owns the database
  • PostgreSQL prevents deletion to avoid data loss

πŸ”Ή Step 7: Resolve Ownership Issue

REASSIGN OWNED BY trainee TO postgres;

Then:

DROP OWNED BY trainee;

β€œRemove everything that this role (trainee) owns in the current database.”

This includes:

  • Tables
  • Views
  • Sequences
  • Functions
  • Permissions (grants)

Finally:

DROP ROLE trainee;

βœ”οΈ Now it works

πŸ” Step 8: Investigate Ownership

SELECT datname, pg_catalog.pg_get_userbyid(datdba) AS owner
FROM pg_database;

πŸ§ͺ Student Tasks

βœ… Task 1: Basic Deletion

  • Create role temp_user
  • Drop it immediately

βœ… Task 2: Permission Dependency

  • Create role intern
  • Grant SELECT on a table in dvdrental
  • Try dropping β†’ observe error
  • Fix and drop

βœ… Task 3: Ownership Dependency

  • Create role manager
  • Assign database ownership
  • Try dropping β†’ observe error
  • Fix using REASSIGN OWNED

βœ… Task 4: Table Ownership Test

ALTER TABLE film OWNER TO trainee;

Try:

DROP ROLE trainee;

πŸ‘‰ Fix it properly

🧠 Key Concepts Summary

Concept Explanation
DROP ROLE Deletes a user/role
Dependency Role linked to objects
REASSIGN OWNED Transfer ownership
DROP OWNED Remove permissions
Ownership Strongest control

⚠️ Common Errors (Teach Students)

Error Reason
cannot drop role still owns objects
permission denied not superuser
role is in use active connections