From: | 德哥 <digoal(at)126(dot)com> |
---|---|
To: | "Tom Lane" <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
Cc: | pgsql-bugs(at)postgresql(dot)org |
Subject: | Re: BUG #14131: BUG, schema owner can drop otheruser's object in it's schema |
Date: | 2016-05-10 15:44:54 |
Message-ID: | 1f2ec8ca.bd64.1549b57aac8.Coremail.digoal@126.com |
Lists: | pgsql-bugs |
Yes, a database owner can drop the database directly, but it cannot drop objects in the database directly.
But a schema owner can drop objects in the schema directly.
I think this is not good for an Enterprise Database system.
```
postgres=> \c postgres r1
You are now connected to database "postgres" as user "r1".
postgres=> create database db1;
CREATE DATABASE
postgres=> grant all on database db1 to r2;
GRANT
postgres=> \c db1 r2
You are now connected to database "db1" as user "r2".
db1=> create schema r2;
CREATE SCHEMA
db1=> create table r2.t(id int);
CREATE TABLE
db1=> insert into t select generate_series(1,100);
INSERT 0 100
db1=> \c db1 postgres
You are now connected to database "db1" as user "postgres".
db1=# create table t(id int);
CREATE TABLE
db1=# insert into t select generate_series(1,100);
INSERT 0 100
postgres=> \c db1 r1
You are now connected to database "db1" as user "r1".
db1=> drop table r2.t ;
ERROR: permission denied for schema r2
db1=> drop table public.t ;
ERROR: must be owner of relation t
db1=> drop schema r2;
ERROR: must be owner of schema r2
db1=> drop schema public;
ERROR: must be owner of schema public
db1=> \c postgres r1
You are now connected to database "postgres" as user "r1".
postgres=> drop database r1;
ERROR: database "r1" does not exist
postgres=> drop database db1;
DROP DATABASE
```
regards, digoal
At 2016-05-10 21:59:13, "Tom Lane" <tgl(at)sss(dot)pgh(dot)pa(dot)us> wrote:
>digoal(at)126(dot)com writes:
>> schema r1's owner is r1.
>> i create two table in schema r1, these table's owner is r2 and postgres. but
>> schema r1's owner r1 can drop r2 and postgres's table in schema r1.
>
>This is the intended and documented behavior. It's no different than
>if a database owner chooses to drop a database.
>
> regards, tom lane
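
An audit for the situation discussed in this thread, added here as an example and not part of either message: the first query lists relations whose owner is not the owner of the schema that contains them (the objects a schema owner could drop on someone else), and the second lists non-superuser roles that hold CREATE on a schema they do not own. It uses only standard catalogs and functions (`pg_class`, `pg_namespace`, `pg_roles`, `pg_get_userbyid`, `has_schema_privilege`); the excluded system schemas and the set of relation kinds are choices made for this example.

```sql
-- Added example (not from the original thread).
-- 1. Relations whose owner differs from the owner of the containing schema.
--    Per the reply quoted above, the schema owner can drop these.
SELECT n.nspname                   AS schema_name,
       pg_get_userbyid(n.nspowner) AS schema_owner,
       c.relname                   AS relation_name,
       c.relkind                   AS relation_kind,
       pg_get_userbyid(c.relowner) AS relation_owner
FROM   pg_catalog.pg_class c
JOIN   pg_catalog.pg_namespace n ON n.oid = c.relnamespace
WHERE  c.relowner <> n.nspowner
  -- tables, views, materialized views, sequences, foreign tables,
  -- partitioned tables ('p' only appears on releases that have them)
  AND  c.relkind IN ('r', 'v', 'm', 'S', 'f', 'p')
  AND  n.nspname NOT IN ('pg_catalog', 'information_schema')
  AND  n.nspname NOT LIKE 'pg\_toast%'
  AND  n.nspname NOT LIKE 'pg\_temp%'
ORDER  BY schema_name, relation_name;

-- 2. Non-superuser roles that may create objects in a schema they do not own.
--    Each row is a place where a mixed-ownership object can appear next.
--    Roles that are members of the owning role are also listed here.
SELECT n.nspname                   AS schema_name,
       pg_get_userbyid(n.nspowner) AS schema_owner,
       r.rolname                   AS role_with_create
FROM   pg_catalog.pg_namespace n
CROSS  JOIN pg_catalog.pg_roles r
WHERE  NOT r.rolsuper
  AND  r.oid <> n.nspowner
  AND  has_schema_privilege(r.oid, n.oid, 'CREATE')
  AND  n.nspname NOT IN ('pg_catalog', 'information_schema')
  AND  n.nspname NOT LIKE 'pg\_toast%'
  AND  n.nspname NOT LIKE 'pg\_temp%'
ORDER  BY schema_name, role_with_create;
```

Both queries only see the database they are run in, so repeat them per database.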