Re: BUG #14131: BUG, schema owner can drop otheruser's object in it's schema
| От | 德哥 |
|---|---|
| Тема | Re: BUG #14131: BUG, schema owner can drop otheruser's object in it's schema |
| Дата | |
| Msg-id | 1f2ec8ca.bd64.1549b57aac8.Coremail.digoal@126.com обсуждение |
| Ответ на | Re: BUG #14131: BUG, schema owner can drop otheruser's object in it's schema (Tom Lane <tgl@sss.pgh.pa.us>) |
| Список | pgsql-bugs |
Yes, database owner can drop database direct, but it can not drop object in database direct.
but schema owner can drop object in schema direct.
I think this is not good for a Enterprise Database system.
postgres=> \c postgres r1
You are now connected to database "postgres" as user "r1".
postgres=> create database db1;
CREATE DATABASE
postgres=> grant all on database db1 to r2;
GRANT
postgres=> \c db1 r2
You are now connected to database "db1" as user "r2".
db1=> create schema r2;
CREATE SCHEMA
db1=> create table r2.t(id int);
CREATE TABLE
db1=> insert into t select generate_series(1,100);
INSERT 0 100
db1=> \c db1 postgres
You are now connected to database "db1" as user "postgres".
db1=# create table t(id int);
CREATE TABLE
db1=# insert into t select generate_series(1,100);
INSERT 0 100
postgres=> \c db1 r1
You are now connected to database "db1" as user "r1".
db1=> drop table r2.t ;
ERROR: permission denied for schema r2
db1=> drop table public.t ;
ERROR: must be owner of relation t
db1=> drop schema r2;
ERROR: must be owner of schema r2
db1=> drop schema public;
ERROR: must be owner of schema public
db1=> \c postgres r1
You are now connected to database "postgres" as user "r1".
postgres=> drop database r1;
ERROR: database "r1" does not exist
postgres=> drop database db1;
DROP DATABASE
regards, digoal
At 2016-05-10 21:59:13, "Tom Lane" <tgl@sss.pgh.pa.us> wrote: >digoal@126.com writes: >> schema r1's owenr is r1. >> i create two table in schema r1, these table's owner is r2 and postgres. but >> schema r1's owner r1 can drop r2 and postgres's table in schema r1. > >This is the intended and documented behavior. It's no different than >if a database owner chooses to drop a database. > > regards, tom lane
В списке pgsql-bugs по дате отправления: