|From:||Laurenz Albe <laurenz(dot)albe(at)cybertec(dot)at>|
|To:||Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>|
|Subject:||Re: Role membership and DROP|
On Wed, 2019-11-13 at 17:17 -0500, Tom Lane wrote:
> Laurenz Albe <laurenz(dot)albe(at)cybertec(dot)at> writes:
> > I realized only today that if role A is a member of role B,
> > A can ALTER and DROP objects owned by B.
> > I don't have a problem with that, but the documentation seems to
> > suggest otherwise. For example, for DROP TABLE:
> > Only the table owner, the schema owner, and superuser can drop a table.
> Generally, if you are a member of a role, that means you are the role for
> privilege-test purposes. I'm not on board with adding "(or a member of
> that role)" to every place it could conceivably be added; I think that
> would be more annoying than helpful.
> It might be worth clarifying this point in section 5.7,
> but let's not duplicate that in every ref/ page.
That's much better.
I have attached a proposed patch.
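
The behaviour discussed in this thread, as an added example that is not part of the original messages or of the attached patch: a member role passes the ownership check for objects owned by the role it belongs to, and a catalog query lists who holds that implicit owner access. The role and table names are constructed, and the script assumes a superuser session in a scratch database.

```sql
-- Part 1: reproduce the behaviour. Everything is rolled back at the end.
BEGIN;
CREATE ROLE demo_owner  NOLOGIN;
CREATE ROLE demo_member NOLOGIN;      -- INHERIT is the default
GRANT demo_owner TO demo_member;      -- demo_member is now a member of demo_owner

CREATE TABLE demo_t (id int);
ALTER TABLE demo_t OWNER TO demo_owner;

-- demo_member owns nothing and holds no grants on demo_t, yet both
-- owner-only commands succeed because of the membership.
SET LOCAL ROLE demo_member;
ALTER TABLE demo_t ADD COLUMN note text;
DROP TABLE demo_t;
RESET ROLE;
ROLLBACK;

-- Part 2: audit. For every user table, list the non-superuser roles that
-- are not the owner but can act as the owner through role membership.
-- 'USAGE' asks whether the owner's privileges are available without
-- SET ROLE, so NOINHERIT members are not reported.
SELECT m.rolname        AS acting_role,
       o.rolname        AS owner_role,
       c.oid::regclass  AS relation
FROM pg_class c
JOIN pg_namespace n ON n.oid = c.relnamespace
JOIN pg_roles o     ON o.oid = c.relowner
JOIN pg_roles m     ON m.oid <> o.oid
                   AND NOT m.rolsuper
                   AND pg_has_role(m.oid, o.oid, 'USAGE')
WHERE c.relkind IN ('r', 'p')
  AND n.nspname NOT IN ('pg_catalog', 'information_schema')
  AND n.nspname NOT LIKE 'pg_toast%'
ORDER BY acting_role, owner_role, relation;
```

Changing `'USAGE'` to `'MEMBER'` in the audit query also reports members that would first have to run SET ROLE.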