Re: BUG #7791: create database with owner, owner does not get usage on schema

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: zardozwildman(at)hotmail(dot)com
Cc: pgsql-bugs(at)postgresql(dot)org
Subject: Re: BUG #7791: create database with owner, owner does not get usage on schema
Date: 2013-01-07 00:02:32
Message-ID: 9600.1357516952@sss.pgh.pa.us
Lists: pgsql-bugs

zardozwildman(at)hotmail(dot)com writes:
> This database creation script was executed via the postgres superuser.
> Executes create database and the "with owner" clause.
> Create database assigns ownership to a role (myta_admin_role). This is not a
> login role.
> After database creation, script creates a schema. I later discovered that
> the role never gets usage permission on the schema. Even though it is the
> database owner.

This isn't a bug. A database owner just owns the database (and hence
can rename or drop it). The owner doesn't magically have additional
permissions on the objects therein. It'd be a security hole if he did,
at least for superuser-owned objects such as the core functions and
operators ... and I gather that you created this schema as superuser.

We could argue about whether database owners should have extra
privileges on objects belonging to ordinary users, but it'd be rather
inconsistent to do that IMO. It makes more sense for the object owner
to have to grant privileges to the database owner, if the latter is to
be able to access the object.

regards, tom lane
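
An added example, not part of the original message: a psql session run as a superuser that reproduces the situation in the report and shows the grant the reply describes. The role name myta_admin_role comes from the report; the database name myta_db and schema name app are assumed for illustration.

```sql
-- Run in psql as a superuser (for example postgres).
-- myta_db and app are assumed names; myta_admin_role is the role from the report.
CREATE ROLE myta_admin_role NOLOGIN;
CREATE DATABASE myta_db WITH OWNER myta_admin_role;

\connect myta_db

-- Created by the superuser, so the superuser owns it, not the database owner.
CREATE SCHEMA app;

-- Database ownership and schema ownership are recorded separately.
SELECT d.datname, pg_get_userbyid(d.datdba) AS db_owner
  FROM pg_database d
 WHERE d.datname = current_database();

SELECT n.nspname, pg_get_userbyid(n.nspowner) AS schema_owner, n.nspacl
  FROM pg_namespace n
 WHERE n.nspname = 'app';

-- Check what the database owner may do in the schema before any grant.
SELECT has_schema_privilege('myta_admin_role', 'app', 'USAGE')  AS can_use,
       has_schema_privilege('myta_admin_role', 'app', 'CREATE') AS can_create;

-- Option 1: the object owner grants only what the role needs.
GRANT USAGE ON SCHEMA app TO myta_admin_role;

-- Option 2: make the role the schema owner instead of granting.
-- ALTER SCHEMA app OWNER TO myta_admin_role;
-- or create the schema that way from the start:
-- CREATE SCHEMA app AUTHORIZATION myta_admin_role;

-- Re-run the check after the grant.
SELECT has_schema_privilege('myta_admin_role', 'app', 'USAGE')  AS can_use,
       has_schema_privilege('myta_admin_role', 'app', 'CREATE') AS can_create;
```

USAGE on a schema only permits looking up objects inside it; tables, functions and other objects in the schema still need their own grants from their owners.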
