On Sun, 2011-10-09 at 11:58 -0400, Tom Lane wrote:
> Marc Munro <marc@bloodnok.com> writes:
> > It seems that in order to create an object in a given schema, I must
> > have been granted create privilege on the schema. But in order to drop
> > that object I require usage privilege.
>
> > This means that with the right privilege settings I can create objects
> > that I cannot subsequently drop, or can drop an object that I cannot
> > recreate.
>
> Yeah. So? You can get similar effects with read-only or write-only
> directories in Unix filesystems. Don't see why you find this surprising.
It's just that ordinarily as the owner of an object, I can do what I
like with it. In this case, I can't. In fact, once I've created the
table I can't access it. I guess the surprising thing to me is that I'm
allowed to create it without usage privilege.
However, it is what it is, and as it is intended behaviour I will
happily work with it. Perhaps some extra notes in the documentation of
the sql-grants section might be useful.
As a side note: creating a file in a write-only directory on Unix
doesn't work for me.
> regards, tom lane
Thanks for the response.
__
Marc