|From:||Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>|
|To:||Laurenz Albe <laurenz(dot)albe(at)cybertec(dot)at>|
|Subject:||Re: Role membership and DROP|
|Views:||Raw Message | Whole Thread | Download mbox | Resend email|
Laurenz Albe <laurenz(dot)albe(at)cybertec(dot)at> writes:
> I realized only today that if role A is a member of role B,
> A can ALTER and DROP objects owned by B.
> I don't have a problem with that, but the documentation seems to
> suggest otherwise. For example, for DROP TABLE:
> Only the table owner, the schema owner, and superuser can drop a table.
Generally, if you are a member of a role, that means you are the role for
privilege-test purposes. I'm not on board with adding "(or a member of
that role)" to every place it could conceivably be added; I think that
would be more annoying than helpful.
It might be worth clarifying this point in section 5.7,
but let's not duplicate that in every ref/ page.
regards, tom lane
|Next Message||Yasuhiro Horimoto||2019-11-14 02:36:30||I suggest improving install steps for CentOS 8|
|Previous Message||Laurenz Albe||2019-11-13 21:36:11||Role membership and DROP|
|Next Message||Li, Zheng||2019-11-13 22:25:56||Re: NOT IN subquery optimization|
|Previous Message||Alvaro Herrera||2019-11-13 21:45:44||Re: Creating foreign key on partitioned table is too slow|