| From: | Laurenz Albe <laurenz(dot)albe(at)cybertec(dot)at> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | pgsql-hackers(at)postgresql(dot)org, pgsql-docs(at)lists(dot)postgresql(dot)org |
| Subject: | Re: Role membership and DROP |
| Date: | 2019-11-15 09:32:11 |
| Message-ID: | c1b3ed843b5002d56c04885b7ce7d0eea08c22c9.camel@cybertec.at |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-docs pgsql-hackers |
On Wed, 2019-11-13 at 17:17 -0500, Tom Lane wrote:
> Laurenz Albe <laurenz(dot)albe(at)cybertec(dot)at> writes:
> > I realized only today that if role A is a member of role B,
> > A can ALTER and DROP objects owned by B.
> > I don't have a problem with that, but the documentation seems to
> > suggest otherwise. For example, for DROP TABLE:
> > Only the table owner, the schema owner, and superuser can drop a table.
>
> Generally, if you are a member of a role, that means you are the role for
> privilege-test purposes. I'm not on board with adding "(or a member of
> that role)" to every place it could conceivably be added; I think that
> would be more annoying than helpful.
>
> It might be worth clarifying this point in section 5.7,
>
> https://www.postgresql.org/docs/devel/ddl-priv.html
>
> but let's not duplicate that in every ref/ page.
That's much better.
I have attached a proposed patch.
Yours,
Laurenz Albe
| Attachment | Content-Type | Size |
|---|---|---|
| 0001-Document-that-the-right-to-ALTER-or-DROP-can-be-inhe.patch | text/x-patch | 856 bytes |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2019-11-15 18:41:06 | Re: Role membership and DROP |
| Previous Message | Michael Paquier | 2019-11-15 01:24:35 | Re: Regarding Foreign data wrapper Import Schema |
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Peter Eisentraut | 2019-11-15 09:43:07 | Re: could not stat promote trigger file leads to shutdown |
| Previous Message | Pavel Stehule | 2019-11-15 09:17:12 | Re: SQL/JSON: JSON_TABLE |