Re: Why does the owner of a publication need CREATE privileges on the database?

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Amit Kapila <amit(dot)kapila16(at)gmail(dot)com>
Cc: Mark Dilger <mark(dot)dilger(at)enterprisedb(dot)com>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>, Peter Eisentraut <peter(dot)eisentraut(at)enterprisedb(dot)com>, Petr Jelinek <petr(dot)jelinek(at)enterprisedb(dot)com>
Subject: Re: Why does the owner of a publication need CREATE privileges on the database?
Date: 2021-08-10 15:21:28
Message-ID: 3786970.1628608888@sss.pgh.pa.us
Lists: pgsql-hackers

Amit Kapila <amit(dot)kapila16(at)gmail(dot)com> writes:
> On Tue, Jul 27, 2021 at 11:29 PM Mark Dilger
> <mark(dot)dilger(at)enterprisedb(dot)com> wrote:
>> The documentation for ALTER PUBLICATION ... OWNER TO ... claims the new owner must have CREATE privilege on the database, though superuser can change the ownership in spite of this restriction. No explanation is given for this requirement.

> I am not aware of the original thought process behind this but current
> behavior seems reasonable because if users need to have CREATE
> privilege on the database while Create Publication, the same should be
> true while we change the owner to a new owner.

I think that for most (all?) forms of ALTER, we say that you need the same
privileges as you would need to drop the existing object and create a new
one with the new properties. From the standpoint of the privilege
system, ALTER is just a shortcut for that.

regards, tom lane
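
The ownership check discussed in this thread, as an added example that is not part of the original message or of the PostgreSQL sources: a non-superuser owner tries to hand a publication to a role that lacks CREATE on the database, then retries after the grant. The role names `pub_owner` and `new_owner`, the database `demo_db` and the publication `demo_pub` are constructed for illustration.

```sql
-- Constructed demo: run as a superuser while connected to a scratch database
-- assumed to be named demo_db. All role and object names are made up.
CREATE ROLE pub_owner LOGIN;
CREATE ROLE new_owner LOGIN;

-- CREATE PUBLICATION requires CREATE privilege on the current database.
GRANT CREATE ON DATABASE demo_db TO pub_owner;
-- Changing the owner also requires membership in the new owning role.
GRANT new_owner TO pub_owner;

SET ROLE pub_owner;
CREATE PUBLICATION demo_pub;   -- empty publication, so no table ownership is needed

-- new_owner could not have created demo_pub itself (no CREATE on demo_db),
-- so this statement is rejected with a permission error on the database.
ALTER PUBLICATION demo_pub OWNER TO new_owner;
RESET ROLE;

-- Audit check: which of the two roles hold CREATE on this database?
SELECT r.rolname,
       has_database_privilege(r.rolname, current_database(), 'CREATE') AS can_create
FROM pg_roles AS r
WHERE r.rolname IN ('pub_owner', 'new_owner');

-- Grant the prospective owner the privilege it would need to create the object.
GRANT CREATE ON DATABASE demo_db TO new_owner;

SET ROLE pub_owner;
ALTER PUBLICATION demo_pub OWNER TO new_owner;   -- accepted after the grant
RESET ROLE;

-- Confirm the recorded owner.
SELECT p.pubname, pg_get_userbyid(p.pubowner) AS owner
FROM pg_publication AS p
WHERE p.pubname = 'demo_pub';

-- Cleanup: database privileges must be revoked before the roles can be dropped.
DROP PUBLICATION demo_pub;
REVOKE CREATE ON DATABASE demo_db FROM pub_owner, new_owner;
DROP ROLE pub_owner, new_owner;
```

Running the first `ALTER PUBLICATION ... OWNER TO` as a superuser instead of `pub_owner` would bypass the check, which is the exception the documentation quoted in the thread describes.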
