As part of my effort to write the book, I wondered if deletion of a user deletes the cluster-user as well as the application user (the entry in the users table) and by consequence:
(a) If it does, how does it detect that it shouldn't be dropped because it's used in other databases?
(b) If it doesn't, how do we prevent "dangling" database logins?
As it turns out, it does. However:
1. It checks if the user exists in the users table, so, dangling users can't be deleted
2. It doesn't check if the user has other roles in the database (possibly logins to other lsmb apps?) indicating the cluster user can't be deleted, throwing away all other access said user has to the cluster
Log in to post a comment.