From: Tom Lane
To: Laurenz Albe
cc: pgsql-hackers@postgresql.org, pgsql-docs@lists.postgresql.org
Subject: Re: Role membership and DROP
Date: Fri, 15 Nov 2019 13:41:06 -0500
Message-ID: <10546.1573843266@sss.pgh.pa.us>

Laurenz Albe writes:
> On Wed, 2019-11-13 at 17:17 -0500, Tom Lane wrote:
>> It might be worth clarifying this point in section 5.7,
>> https://www.postgresql.org/docs/devel/ddl-priv.html
>> but let's not duplicate that in every ref/ page.

> I have attached a proposed patch.
The right to modify or destroy an object is always the privilege of - the owner only. + the owner. Like all privileges, that right can be inherited by members of + the owning role.

Hm. This is more or less contradicting the original meaning of the
existing sentence, so maybe we need to rewrite a bit more. What do you
think of

    The right to modify or destroy an object is inherent in being the
    object's owner. Like all privileges, that right can be inherited by
    members of the owning role; but there is no way to grant or revoke it
    more selectively.

A larger problem (pre-existing, since there's a reference to being a
member of the owning role just a bit further down) is that I don't think
we've defined role membership at this point, so the reader is quite
entitled to come away more confused than they were before. It might not
be advisable to try to cover role membership here, but we should at
least add a cross-reference to where it's explained.

			regards, tom lane
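
Review bot: the "+" sentence "Like all privileges, that right can be inherited by members of the owning role" puts the owner's right in the same class as grantable privileges, but nothing in the hunk says whether it can be granted or revoked separately. The unchanged context line still reads "is always the privilege of", so once "only" is removed the paragraph no longer says who is excluded. Suggest stating explicitly that the right comes with ownership and reaches other roles solely through membership in the owning role, and marking "members of the owning role" with a pointer to wherever role membership is explained.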
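
The behaviour under discussion, as an added example that is not part of the original message or of the PostgreSQL documentation: an audit query showing which roles hold owner rights on a table through membership, followed by a member dropping the table. The role names (app_owner, alice, bob, carol) and the table demo_t are constructed for this example, and it assumes a superuser session in a scratch database.

```sql
-- Run as a superuser in a scratch database; everything is rolled back.
-- Role and table names are constructed for this example.
BEGIN;

CREATE ROLE app_owner NOLOGIN;
CREATE ROLE alice NOLOGIN INHERIT;     -- inherits privileges of roles it is in
CREATE ROLE bob   NOLOGIN NOINHERIT;   -- member, but must SET ROLE to use them
CREATE ROLE carol NOLOGIN;             -- not a member of app_owner
GRANT app_owner TO alice, bob;

CREATE TABLE demo_t (id int);
ALTER TABLE demo_t OWNER TO app_owner;

-- No grantable per-object privilege carries the right to drop, so
-- stripping every grantable privilege from alice does not take it away.
REVOKE ALL ON demo_t FROM alice;

-- Audit: which roles hold owner rights on demo_t through membership?
--   'USAGE'  = the owner's privileges apply without SET ROLE (inherited)
--   'MEMBER' = the role could become the owner with SET ROLE
SELECT r.rolname,
       pg_has_role(r.oid, c.relowner, 'USAGE')  AS owner_rights_inherited,
       pg_has_role(r.oid, c.relowner, 'MEMBER') AS owner_rights_via_set_role
FROM pg_class c
CROSS JOIN pg_roles r
WHERE c.oid = 'demo_t'::regclass
  AND r.rolname IN ('app_owner', 'alice', 'bob', 'carol')
ORDER BY r.rolname;

-- alice never received a privilege on demo_t, yet the ownership check
-- passes for her because she inherits from the owning role.
SET LOCAL ROLE alice;
DROP TABLE demo_t;
RESET ROLE;

ROLLBACK;
```

To review a real database, drop the rolname filter and replace the regclass literal with the objects of interest; the only way to take the right away from a role is to remove its membership in the owning role or change the object's owner.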