Re: Role membership and DROP

Поиск
Список
Период
Сортировка
От Laurenz Albe
Тема Re: Role membership and DROP
Дата
Msg-id c1b3ed843b5002d56c04885b7ce7d0eea08c22c9.camel@cybertec.at
обсуждение исходный текст
Ответ на Re: Role membership and DROP  (Tom Lane <tgl@sss.pgh.pa.us>)
Ответы Re: Role membership and DROP  (Tom Lane <tgl@sss.pgh.pa.us>)
Re: Role membership and DROP  (Tom Lane <tgl@sss.pgh.pa.us>)
Список pgsql-hackers
On Wed, 2019-11-13 at 17:17 -0500, Tom Lane wrote:
> Laurenz Albe <laurenz.albe@cybertec.at> writes:
> > I realized only today that if role A is a member of role B,
> > A can ALTER and DROP objects owned by B.
> > I don't have a problem with that, but the documentation seems to
> > suggest otherwise.  For example, for DROP TABLE:
> >     Only the table owner, the schema owner, and superuser can drop a table.
> 
> Generally, if you are a member of a role, that means you are the role for
> privilege-test purposes.  I'm not on board with adding "(or a member of
> that role)" to every place it could conceivably be added; I think that
> would be more annoying than helpful.
> 
> It might be worth clarifying this point in section 5.7,
> 
> https://www.postgresql.org/docs/devel/ddl-priv.html
> 
> but let's not duplicate that in every ref/ page.

That's much better.

I have attached a proposed patch.

Yours,
Laurenz Albe

Вложения

В списке pgsql-hackers по дате отправления:

Предыдущее
От: Pavel Stehule
Дата:
Сообщение: Re: SQL/JSON: JSON_TABLE
Следующее
От: Peter Eisentraut
Дата:
Сообщение: Re: could not stat promote trigger file leads to shutdown