Re: BUG #14131: BUG, schema owner can drop otheruser's object in it's schema

Yes, database owner can drop database direct, but it can not drop object in database direct.
but schema owner can drop object in schema direct.
I think this is not good for a Enterprise Database system.

postgres=> \c postgres r1
You are now connected to database "postgres" as user "r1".
postgres=> create database db1;
CREATE DATABASE
postgres=> grant all on database db1 to r2;
GRANT
postgres=> \c db1 r2
You are now connected to database "db1" as user "r2".
db1=> create schema r2;
CREATE SCHEMA
db1=> create table r2.t(id int);
CREATE TABLE
db1=> insert into t select generate_series(1,100);
INSERT 0 100
db1=> \c db1 postgres
You are now connected to database "db1" as user "postgres".
db1=# create table t(id int);
CREATE TABLE
db1=# insert into t select generate_series(1,100);
INSERT 0 100
postgres=> \c db1 r1
You are now connected to database "db1" as user "r1".
db1=> drop table r2.t ;
ERROR: permission denied for schema r2
db1=> drop table public.t ;
ERROR: must be owner of relation t
db1=> drop schema r2;
ERROR: must be owner of schema r2
db1=> drop schema public;
ERROR: must be owner of schema public
db1=> \c postgres r1
You are now connected to database "postgres" as user "r1".
postgres=> drop database r1;
ERROR: database "r1" does not exist
postgres=> drop database db1;
DROP DATABASE

regards, digoal

At 2016-05-10 21:59:13, "Tom Lane" <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
>digoal(at)126(dot)com writes:
>> schema r1's owenr is r1.
>> i create two table in schema r1, these table's owner is r2 and postgres. but
>> schema r1's owner r1 can drop r2 and postgres's table in schema r1.
>
>This is the intended and documented behavior. It's no different than
>if a database owner chooses to drop a database.
>
> regards, tom lane