Re: Role membership and DROP

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Laurenz Albe <laurenz(dot)albe(at)cybertec(dot)at>
Cc: pgsql-hackers(at)postgresql(dot)org
Subject: Re: Role membership and DROP
Date: 2019-11-13 22:17:06
Views: Raw Message | Whole Thread | Download mbox | Resend email
Lists: pgsql-docs pgsql-hackers

Laurenz Albe <laurenz(dot)albe(at)cybertec(dot)at> writes:
> I realized only today that if role A is a member of role B,
> A can ALTER and DROP objects owned by B.
> I don't have a problem with that, but the documentation seems to
> suggest otherwise. For example, for DROP TABLE:

> Only the table owner, the schema owner, and superuser can drop a table.

Generally, if you are a member of a role, that means you are the role for
privilege-test purposes. I'm not on board with adding "(or a member of
that role)" to every place it could conceivably be added; I think that
would be more annoying than helpful.

It might be worth clarifying this point in section 5.7,

but let's not duplicate that in every ref/ page.

regards, tom lane

In response to


Browse pgsql-docs by date

  From Date Subject
Next Message Yasuhiro Horimoto 2019-11-14 02:36:30 I suggest improving install steps for CentOS 8
Previous Message Laurenz Albe 2019-11-13 21:36:11 Role membership and DROP

Browse pgsql-hackers by date

  From Date Subject
Next Message Li, Zheng 2019-11-13 22:25:56 Re: NOT IN subquery optimization
Previous Message Alvaro Herrera 2019-11-13 21:45:44 Re: Creating foreign key on partitioned table is too slow