| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Laurenz Albe <laurenz(dot)albe(at)cybertec(dot)at> |
| Cc: | pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: Role membership and DROP |
| Date: | 2019-11-13 22:17:06 |
| Message-ID: | 6808.1573683426@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-docs pgsql-hackers |
Laurenz Albe <laurenz(dot)albe(at)cybertec(dot)at> writes:
> I realized only today that if role A is a member of role B,
> A can ALTER and DROP objects owned by B.
> I don't have a problem with that, but the documentation seems to
> suggest otherwise. For example, for DROP TABLE:
> Only the table owner, the schema owner, and superuser can drop a table.
Generally, if you are a member of a role, that means you are the role for
privilege-test purposes. I'm not on board with adding "(or a member of
that role)" to every place it could conceivably be added; I think that
would be more annoying than helpful.
It might be worth clarifying this point in section 5.7,
https://www.postgresql.org/docs/devel/ddl-priv.html
but let's not duplicate that in every ref/ page.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Yasuhiro Horimoto | 2019-11-14 02:36:30 | I suggest improving install steps for CentOS 8 |
| Previous Message | Laurenz Albe | 2019-11-13 21:36:11 | Role membership and DROP |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Li, Zheng | 2019-11-13 22:25:56 | Re: NOT IN subquery optimization |
| Previous Message | Alvaro Herrera | 2019-11-13 21:45:44 | Re: Creating foreign key on partitioned table is too slow |