From: | Robert Haas <robertmhaas(at)gmail(dot)com> |
---|---|
To: | Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com> |
Cc: | "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: privileges for changing schema owner |
Date: | 2017-01-30 16:32:36 |
Message-ID: | CA+TgmoYCADakcNF9beF8zC5QDq19-7Uy601SnaTOpx8gUEM+dQ@mail.gmail.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
On Fri, Jan 27, 2017 at 3:42 PM, Peter Eisentraut
<peter(dot)eisentraut(at)2ndquadrant(dot)com> wrote:
> Normally, when changing the owner of an object, we check (among other
> things) that the new owner has the same privileges that would be needed
> to create the object from scratch. For for example, when changing the
> owner of a type, the new owner needs to have CREATE privilege on the
> containing schema. Or when changing the owner of a foreign server, the
> new owner needs to have USAGE privilege on the foreign-data wrapper.
>
> The exception is that when changing the owner of a schema or database,
> we check CREATE privilege on the database of the *current* user. There
> is even a comment about it in the code:
>
> * NOTE: This is different from other alter-owner checks in that the
> * current user is checked for create privileges instead of the
> * destination owner. This is consistent with the CREATE case for
> * schemas.
>
> I don't understand the rationale for this or what rationale that last
> sentence is apparently trying to give.
>
> I'm trying to extrapolate whatever rule this is to new object types, if
> appropriate.
This seems to have been introduced by
aa1110624c08298393dfce996f7b21809d98d3fd, written by Stephen Frost and
committed by Tom Lane in 2005, so maybe one of them remembers what the
motivation was. But off-hand I'd say it doesn't look very consistent.
If renaming a type requires (1) owning it, (2) being able to become
the new owner, and (3) that the new owner have permission to create a
type in that namespace, then why not have the check for schemas be
that (1) you must own it, (2) you must be able to become the new
owner, and (3) the new owner has permission to create that schema in
that database? But instead, renaming a schema just requires (1)
owning it and (2) permission for the current user to create schemas in
the current database. Like you, I can't piece together the rationale
for that apparent inconsistency from the comments.
--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company
From | Date | Subject | |
---|---|---|---|
Next Message | Alvaro Herrera | 2017-01-30 16:55:55 | Re: multivariate statistics (v19) |
Previous Message | Heikki Linnakangas | 2017-01-30 16:21:59 | Re: Deadlock in XLogInsert at AIX |