Re: Role membership and DROP

public inbox for [email protected]  
help / color / mirror / Atom feed

From: Tom Lane <[email protected]>
To: Laurenz Albe <[email protected]>
Cc: [email protected]
Cc: [email protected]
Subject: Re: Role membership and DROP
Date: Fri, 15 Nov 2019 13:41:06 -0500
Message-ID: <[email protected]> (raw)
In-Reply-To: <[email protected]>
References: <[email protected]>
	<[email protected]>
	<[email protected]>

Laurenz Albe <[email protected]> writes:
> On Wed, 2019-11-13 at 17:17 -0500, Tom Lane wrote:
>> It might be worth clarifying this point in section 5.7,
>> https://www.postgresql.org/docs/devel/ddl-priv.html
>> but let's not duplicate that in every ref/ page.

> I have attached a proposed patch.

   <para>
    The right to modify or destroy an object is always the privilege of
-   the owner only.
+   the owner.  Like all privileges, that right can be inherited by members of
+   the owning role.
   </para>

Hm.  This is more or less contradicting the original meaning of the
existing sentence, so maybe we need to rewrite a bit more.  What do
you think of

    The right to modify or destroy an object is inherent in being the
    object's owner.  Like all privileges, that right can be inherited by
    members of the owning role; but there is no way to grant or revoke
    it more selectively.

A larger problem (pre-existing, since there's a reference to being a
member of the owning role just a bit further down) is that I don't think
we've defined role membership at this point, so the reader is quite
entitled to come away more confused than they were before.  It might not
be advisable to try to cover role membership here, but we should at
least add a cross-reference to where it's explained.

			regards, tom lane

view thread (8+ messages)  latest in thread

reply

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Reply to all the recipients using the --to and --cc options:
  reply via email

  To: [email protected]
  Cc: [email protected], [email protected], [email protected], [email protected]
  Subject: Re: Role membership and DROP
  In-Reply-To: <[email protected]>

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox