Re: Role membership and DROP

From: Laurenz Albe <laurenz(dot)albe(at)cybertec(dot)at>
To: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: pgsql-hackers(at)postgresql(dot)org, pgsql-docs(at)lists(dot)postgresql(dot)org
Subject: Re: Role membership and DROP
Date: 2019-11-15 09:32:11
Views: Raw Message | Whole Thread | Download mbox | Resend email
Lists: pgsql-docs pgsql-hackers

On Wed, 2019-11-13 at 17:17 -0500, Tom Lane wrote:
> Laurenz Albe <laurenz(dot)albe(at)cybertec(dot)at> writes:
> > I realized only today that if role A is a member of role B,
> > A can ALTER and DROP objects owned by B.
> > I don't have a problem with that, but the documentation seems to
> > suggest otherwise. For example, for DROP TABLE:
> > Only the table owner, the schema owner, and superuser can drop a table.
> Generally, if you are a member of a role, that means you are the role for
> privilege-test purposes. I'm not on board with adding "(or a member of
> that role)" to every place it could conceivably be added; I think that
> would be more annoying than helpful.
> It might be worth clarifying this point in section 5.7,
> but let's not duplicate that in every ref/ page.

That's much better.

I have attached a proposed patch.

Laurenz Albe

Attachment Content-Type Size
0001-Document-that-the-right-to-ALTER-or-DROP-can-be-inhe.patch text/x-patch 856 bytes

In response to


Browse pgsql-docs by date

  From Date Subject
Next Message Tom Lane 2019-11-15 18:41:06 Re: Role membership and DROP
Previous Message Michael Paquier 2019-11-15 01:24:35 Re: Regarding Foreign data wrapper Import Schema

Browse pgsql-hackers by date

  From Date Subject
Next Message Peter Eisentraut 2019-11-15 09:43:07 Re: could not stat promote trigger file leads to shutdown
Previous Message Pavel Stehule 2019-11-15 09:17:12 Re: SQL/JSON: JSON_TABLE