* Bruce Momjian (pgman@candle.pha.pa.us) wrote:
> http://candle.pha.pa.us/main/writings/pgsql/sgml/release.html#RELEASE-8-1
Regarding E.1.3.4 (Object Manipulation Changes):
---------
Allow ALTER OWNER commands to be performed by the object owner as well
as the superuser (Stephen Frost)
Prior releases only allowed super-user to change object owners, even if
the current owner was executing the command and the new owner have
permission to create objects of that type.
---------
This isn't *quite* right and implies an ability some might frown upon
("giving away" objects) that isn't actually allowed by my changes.
How about:
---------
Allow ALTER OWNER commands to be performed by the object owner (Stephen
Frost)
Prior releases only allowed a single user to own an object. With the
addition of role support (where a role can own an object and that role
can have members) it's now possible for multiple users to have ownership
rights on a given object. ALTER OWNER has been updated to allow
changing the ownership of an object when the user has ownership rights
on the object, is in the new owner role, and the new owner role has
the right to create the object.
---------
Unfortunately, though there was some discussion on it, it seems that the
new owner role must have rights to create the object even if the user
doing the ALTER OWNER owns the schema/db in question. This means a user
would have to first grant create privileges to the unpriviledged role,
change the ownership to that role, and then reokve the create privileges.
This also means that a number of explicit 'superuser()' checks were
added after I had worked to minimize them. I'd still like to see the
explicit superuser() checks removed in favor of checking schema
ownership but I'm guessing it's too late for that now.
Perhaps after 8.1 is released we'll get some conversation regarding
these kinds of things which goes beyond just Tom and I. I don't mind
discussing it with Tom but it'd be nice to get some fresh viewpoints on
the subject and eventually "I think it's better", "I don't like it" gets
kind of boring and can be difficult to work past (well, except he has
commit access and I don't... ;).
Thanks,
Stephen