From: Derrick Rice
To: pgsql-docs@postgresql.org
Date: Fri, 20 May 2011 11:42:32 -0400
Subject: DROP TABLE can be issued by schema owner as well as table owner

According to

http://www.postgresql.org/docs/9.0/interactive/sql-droptable.html

"DROP TABLE removes tables from the database. Only its owner can drop a table."

In fact, the schema owner can drop the table, which is clearly stated here:

http://www.postgresql.org/docs/9.0/interactive/sql-dropschema.html

"A schema can only be dropped by its owner or a superuser. Note that the owner can drop the schema (and thereby all contained objects) even if he does not own some of the objects within the schema."

There are likely other places besides the DROP TABLE page which can be misleading with regard to ability to drop a table. This should be made more clear, since in (possibly contrived) circumstances, being able to drop a table and recreate an exactly similar table may be a vulnerability (if the design assumed the table could only be dropped by the owner).

(Just joined the list to post this -- sorry if it has already been brought up)

Derrick

From: Guillaume Lelarge
To: Derrick Rice
CC: pgsql-docs@postgresql.org
Date: Fri, 20 May 2011 18:18:13 +0200
Subject: Re: DROP TABLE can be issued by schema owner as well as table owner

On 05/20/2011 05:42 PM, Derrick Rice wrote:
> According to
>
> http://www.postgresql.org/docs/9.0/interactive/sql-droptable.html
>
> "DROP TABLE removes tables from the database. Only its owner can drop a
> table."
>
> In fact, the schema owner can drop the table, which is clearly stated here:
>
> http://www.postgresql.org/docs/9.0/interactive/sql-dropschema.html
>
> "A schema can only be dropped by its owner or a superuser. Note that the
> owner can drop the schema (and thereby all contained objects) even if he
> does not own some of the objects within the schema."
>
> There are likely other places besides the DROP TABLE page which can be
> misleading with regard to ability to drop a table. This should be made more
> clear, since in (possibly contrived) circumstances, being able to drop a
> table and recreate an exactly similar table may be a vulnerability (if the
> design assumed the table could only be dropped by the owner).
>
> (Just joined the list to post this -- sorry if it has already been brought
> up)
>

Well, for a specific object, any superuser, the database owner, the schema owner, and the object owner could drop the object. This is not a vulnerability.

--
Guillaume
http://www.postgresql.fr
http://dalibo.com

From: Derrick Rice
To: Guillaume Lelarge
Cc: pgsql-docs@postgresql.org
Date: Fri, 20 May 2011 12:35:24 -0400
Subject: Re: DROP TABLE can be issued by schema owner as well as table owner

On Fri, May 20, 2011 at 12:18 PM, Guillaume Lelarge wrote:

> Well, for a specific object, any superuser, the database owner, the
> schema owner, and the object owner could drop the object. This is not a
> vulnerability.
>

It is not documented clearly. Any information not made clear is an opportunity for an error which leads to a vulnerability.

It is not a vulnerability in PostgreSQL itself. It is a vulnerability in an ill-designed system, which can come about due to misinformation / lack of clarity.

Putting your first sentence ("For a specific object, any superuser, the database owner, the schema owner, and the object owner could drop the object.") in the documentation would remove the opportunity for error.

From: Alvaro Herrera
To: Derrick Rice
Cc: Guillaume Lelarge, pgsql-docs
Date: Fri, 20 May 2011 12:53:49 -0400
Subject: Re: DROP TABLE can be issued by schema owner as well as table owner

Excerpts from Derrick Rice's message of Fri May 20 12:35:24 -0400 2011:
> On Fri, May 20, 2011 at 12:18 PM, Guillaume Lelarge wrote:
>
> > Well, for a specific object, any superuser, the database owner, the
> > schema owner, and the object owner could drop the object. This is not a
> > vulnerability.
> >
>
> It is not documented clearly. Any information not made clear is an
> opportunity for an error which leads to a vulnerability.

So we need a standard caveat stmt on all relevant pages? Seems reasonable to me.

--
Álvaro Herrera
The PostgreSQL Company - Command Prompt, Inc.
PostgreSQL Replication, Consulting, Custom Development, 24x7 support

From: Guillaume Lelarge
To: Alvaro Herrera
CC: Derrick Rice, pgsql-docs
Date: Fri, 20 May 2011 19:24:26 +0200
Subject: Re: DROP TABLE can be issued by schema owner as well as table owner

On 05/20/2011 06:53 PM, Alvaro Herrera wrote:
> Excerpts from Derrick Rice's message of Fri May 20 12:35:24 -0400 2011:
>> On Fri, May 20, 2011 at 12:18 PM, Guillaume Lelarge wrote:
>>
>>> Well, for a specific object, any superuser, the database owner, the
>>> schema owner, and the object owner could drop the object. This is not a
>>> vulnerability.
>>>
>>
>> It is not documented clearly. Any information not made clear is an
>> opportunity for an error which leads to a vulnerability.
>
> So we need a standard caveat stmt on all relevant pages? Seems
> reasonable to me.
>

Could be. Not sure it's that important.

--
Guillaume
http://www.postgresql.fr
http://dalibo.com

From: Robert Haas
To: Derrick Rice
Cc: pgsql-docs@postgresql.org
Date: Mon, 13 Jun 2011 12:51:38 -0400
Subject: Re: DROP TABLE can be issued by schema owner as well as table owner

On Fri, May 20, 2011 at 11:42 AM, Derrick Rice wrote:
> According to
>
> http://www.postgresql.org/docs/9.0/interactive/sql-droptable.html
>
> "DROP TABLE removes tables from the database. Only its owner can drop a
> table."
>
> In fact, the schema owner can drop the table, which is clearly stated here:
>
> http://www.postgresql.org/docs/9.0/interactive/sql-dropschema.html
>
> "A schema can only be dropped by its owner or a superuser. Note that the
> owner can drop the schema (and thereby all contained objects) even if he
> does not own some of the objects within the schema."

The sentence really should be written in a way that indicates that we're talking about who can execute this particular command, rather than who can manage to accomplish the removal of the object. I don't think it's practical to document the latter. We'd have to include:

- the owner of the table
- the superuser
- the schema owner, since they could drop the entire schema
- the database owner, since they could drop the entire database
- the system administrator, since they could delete the entire data directory, or any part of it
- the person with physical control of the machine, since they could remove and wipe the disk
- any world leader with access to nuclear weapons, since they could... well, you get the idea

Even if we excluded the last few, it would be quite wordy to recapitulate this for every object type. I suggest we steal the phraseology from "DROP FOREIGN DATA WRAPPER", which reads:

To execute this command, the current user must be the owner of the foreign-data wrapper.

The phrase "to execute this command" makes the scope of what follows clear: it's just who can run this command, NOT who might be able by indirect means to get rid of the object. To cover all bases, we could add ", or the superuser" to the end of the sentence.
--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company

From: Derrick Rice
To: Robert Haas
Cc: pgsql-docs@postgresql.org
Date: Mon, 13 Jun 2011 16:40:13 -0400
Subject: Re: DROP TABLE can be issued by schema owner as well as table owner

> The sentence really should be written in a way that indicates that we're
> talking about who can execute this particular command, rather than who
> can manage to accomplish the removal of the object. I don't think
> it's practical to document the latter. We'd have to include:
>
> - the owner of the table
> - the superuser
> - the schema owner, since they could drop the entire schema
>

At least the schema owner can actually run DROP TABLE. Interestingly, the database owner CANNOT.

> The phrase "to execute this command" makes the scope of what follows
> clear: it's just who can run this command, NOT who might be able by
> indirect means to get rid of the object. To cover all bases, we could
> add ", or the superuser" to the end of the sentence.
>
>

Example / Proof:

postgres=# select version();
 version
-----
 PostgreSQL 8.4.8 ...[snip]
(1 row)

postgres=# create role dbowner login password 'pass';
CREATE ROLE
postgres=# create database testdb owner dbowner;
CREATE DATABASE
testdb=# create role schemaowner login password 'pass';
CREATE ROLE
testdb=# create schema testschema;
CREATE SCHEMA
testdb=# alter schema testschema owner to schemaowner;
ALTER SCHEMA
testdb=# create role tableowner login password 'pass';
CREATE ROLE
testdb=# create table testschema.testtable (val text);
CREATE TABLE
testdb=# alter table testschema.testtable owner to tableowner;
ALTER TABLE
testdb=# \c testdb schemaowner
Password for user schemaowner:
psql (8.4.8)
You are now connected to database "testdb" as user "schemaowner".

testdb=> \du schemaowner
            List of roles
  Role name  | Attributes | Member of
-------------+------------+-----------
 schemaowner |            | {}

testdb=> \dt+ testschema.testtable;
                          List of relations
   Schema   |   Name    | Type  |   Owner    |  Size   | Description
------------+-----------+-------+------------+---------+-------------
 testschema | testtable | table | tableowner | 0 bytes |
(1 row)

testdb=> \dn+ testschema
                      List of schemas
    Name    |    Owner    | Access privileges | Description
------------+-------------+-------------------+-------------
 testschema | schemaowner |                   |
(1 row)

testdb=> drop table testschema.testtable;
DROP TABLE

If I try as DB owner:

// reconnect as superuser.

testdb=# create table testschema.testtable (val text);
CREATE TABLE
testdb=# alter table testschema.testtable owner to tableowner;
ALTER TABLE
testdb=# \c testdb dbowner;
Password for user dbowner:
psql (8.4.8)
You are now connected to database "testdb" as user "dbowner".
testdb=> drop table testschema.testtable;
ERROR:  permission denied for schema testschema

Derrick
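
Added example (not part of the original thread or of the PostgreSQL documentation): two catalog queries for auditing the situation shown in the session above, where a table can be dropped by a role that does not own it. The second query goes beyond the thread by also counting role membership, on the assumption that ownership checks accept roles holding the owner's privileges; `testschema.testtable` is the sample table from the session.

```sql
-- Added example; not from the thread.

-- Query 1: ordinary tables whose owner is not the owner of the schema that
-- contains them. For each row, schema_owner can run DROP TABLE on a table it
-- does not own, as the session above shows for testschema.testtable.
SELECT n.nspname                   AS schema_name,
       c.relname                   AS table_name,
       pg_get_userbyid(c.relowner) AS table_owner,
       pg_get_userbyid(n.nspowner) AS schema_owner
FROM pg_catalog.pg_class AS c
JOIN pg_catalog.pg_namespace AS n ON n.oid = c.relnamespace
WHERE c.relkind = 'r'                    -- ordinary tables only
  AND c.relowner <> n.nspowner           -- owners differ
  AND n.nspname <> 'information_schema'
  AND n.nspname !~ '^pg_'                -- skip system schemas
ORDER BY schema_name, table_name;

-- Query 2: for one table, every role that is a superuser or holds the
-- privileges of the table owner or of the schema owner.
-- Assumption (not stated in the thread): the ownership check accepts roles
-- that inherit the owner's privileges, which pg_has_role(..., 'USAGE') reports.
-- Schema USAGE is listed as well because the dbowner attempt in the session
-- failed with "permission denied for schema".
SELECT r.rolname,
       r.rolsuper                                  AS is_superuser,
       pg_has_role(r.oid, c.relowner, 'USAGE')     AS acts_as_table_owner,
       pg_has_role(r.oid, n.nspowner, 'USAGE')     AS acts_as_schema_owner,
       has_schema_privilege(r.oid, n.oid, 'USAGE') AS has_schema_usage
FROM pg_catalog.pg_class AS c
JOIN pg_catalog.pg_namespace AS n ON n.oid = c.relnamespace
CROSS JOIN pg_catalog.pg_roles AS r
WHERE n.nspname = 'testschema'           -- sample schema from the session
  AND c.relname = 'testtable'            -- sample table from the session
  AND (r.rolsuper
       OR pg_has_role(r.oid, c.relowner, 'USAGE')
       OR pg_has_role(r.oid, n.nspowner, 'USAGE'))
ORDER BY r.rolname;
```

Where a design relies on only the table owner being able to drop a table, rows returned by the first query can be resolved with the ALTER TABLE ... OWNER TO or ALTER SCHEMA ... OWNER TO commands used in the session, so that both owners are the same role.
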
From: Bruce Momjian
To: Robert Haas
CC: Derrick Rice, pgsql-docs@postgresql.org
Date: Thu, 13 Oct 2011 10:06:56 -0400 (EDT)
Subject: Re: DROP TABLE can be issued by schema owner as well as table owner

Robert Haas wrote:
> On Fri, May 20, 2011 at 11:42 AM, Derrick Rice wrote:
> > According to
> >
> > http://www.postgresql.org/docs/9.0/interactive/sql-droptable.html
> >
> > "DROP TABLE removes tables from the database. Only its owner can drop a
> > table."
> >
> > In fact, the schema owner can drop the table, which is clearly stated here:
> >
> > http://www.postgresql.org/docs/9.0/interactive/sql-dropschema.html
> >
> > "A schema can only be dropped by its owner or a superuser. Note that the
> > owner can drop the schema (and thereby all contained objects) even if he
> > does not own some of the objects within the schema."
>
> The sentence really should be written in a way that indicates that we're
> talking about who can execute this particular command, rather than who
> can manage to accomplish the removal of the object. I don't think
> it's practical to document the latter. We'd have to include:
>
> - the owner of the table
> - the superuser
> - the schema owner, since they could drop the entire schema
> - the database owner, since they could drop the entire database
> - the system administrator, since they could delete the entire data
> directory, or any part of it
> - the person with physical control of the machine, since they could
> remove and wipe the disk
> - any world leader with access to nuclear weapons, since they could...
> well, you get the idea
>
> Even if we excluded the last few, it would be quite wordy to
> recapitulate this for every object type. I suggest we steal the
> phraseology from "DROP FOREIGN DATA WRAPPER", which reads:
>
> To execute this command, the current user must be the owner of the
> foreign-data wrapper.
>
> The phrase "to execute this command" makes the scope of what follows
> clear: it's just who can run this command, NOT who might be able by
> indirect means to get rid of the object. To cover all bases, we could
> add ", or the superuser" to the end of the sentence.

I applied the following documentation patch to clarify this issue, and used generic wording "user with the proper permissions".

--
Bruce Momjian http://momjian.us
EnterpriseDB http://enterprisedb.com

+ It's impossible for everything to be true. +

diff --git a/doc/src/sgml/ref/drop_table.sgml b/doc/src/sgml/ref/drop_table.sgml new file mode 100644 index 26fe76e..239767f *** a/doc/src/sgml/ref/drop_table.sgml --- b/doc/src/sgml/ref/drop_table.sgml *************** DROP TABLE [ IF EXISTS ] DROP TABLE removes tables from the database. ! Only its owner can drop a table. To empty a table of rows without destroying the table, use or . --- 30,37 ---- DROP TABLE removes tables from the database. ! Only its owner and users with the proper permissions can drop a ! table. To empty a table of rows without destroying the table, use or .
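
Review bot: In the replacement sentence ("Only its owner and users with the proper permissions can drop a table"), "the proper permissions" is left undefined, so a reader still cannot tell who may run DROP TABLE. The session earlier in this thread showed the schema owner succeeding and the database owner being refused, so naming the roles would be more precise, for example "Only the table owner, the schema owner, and a superuser can drop a table." The singular "its" also has no singular antecedent after "removes tables", which the suggested wording avoids.
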
From: Robert Haas
To: Bruce Momjian
Cc: Derrick Rice, pgsql-docs@postgresql.org
Date: Fri, 14 Oct 2011 11:07:46 -0400
Subject: Re: DROP TABLE can be issued by schema owner as well as table owner

On Thu, Oct 13, 2011 at 10:06 AM, Bruce Momjian wrote:
> I applied the following documentation patch to clarify this issue, and
> used generic wording "user with the proper permissions".

That doesn't seem like an improvement; what permissions are proper?

--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company

From: Bruce Momjian
To: Robert Haas
CC: Derrick Rice, pgsql-docs@postgresql.org
Date: Fri, 14 Oct 2011 11:11:33 -0400 (EDT)
Subject: Re: DROP TABLE can be issued by schema owner as well as table owner

Robert Haas wrote:
> On Thu, Oct 13, 2011 at 10:06 AM, Bruce Momjian wrote:
> > I applied the following documentation patch to clarify this issue, and
> > used generic wording "user with the proper permissions".
>
> That doesn't seem like an improvement; what permissions are proper?

No idea, but it hints that other users can do it too. I thought too
specific was too complex for this case.

--
  Bruce Momjian        http://momjian.us
  EnterpriseDB         http://enterprisedb.com

  + It's impossible for everything to be true.
  +

Date: Sat, 15 Oct 2011 06:29:14 -0400
Subject: Re: DROP TABLE can be issued by schema owner as well as table owner
From: Robert Haas
To: Bruce Momjian
Cc: Derrick Rice, pgsql-docs@postgresql.org

On Fri, Oct 14, 2011 at 11:11 AM, Bruce Momjian wrote:
> Robert Haas wrote:
>> On Thu, Oct 13, 2011 at 10:06 AM, Bruce Momjian wrote:
>> > I applied the following documentation patch to clarify this issue, and
>> > used generic wording "user with the proper permissions".
>>
>> That doesn't seem like an improvement; what permissions are proper?
>
> No idea, but it hints that other users can do it too.  I thought too
> specific was too complex for this case.

I disagree. I think it's the purpose of documentation to be specific.
The code says:

    /* Allow DROP to either table owner or schema owner */
    if (!pg_class_ownercheck(relOid, GetUserId()) &&
        !pg_namespace_ownercheck(classform->relnamespace, GetUserId()))
        aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_CLASS,
                       rel->relname);

So the command can be executed by the owner of the table, the owner of
the containing schema, or the superuser.

That seems simple enough.

--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company

From: Bruce Momjian
To: Robert Haas
CC: Derrick Rice, pgsql-docs@postgresql.org
Date: Sat, 15 Oct 2011 10:08:11 -0400 (EDT)
Subject: Re: DROP TABLE can be issued by schema owner as well as table owner

Robert Haas wrote:
> On Fri, Oct 14, 2011 at 11:11 AM, Bruce Momjian wrote:
> > Robert Haas wrote:
> >> On Thu, Oct 13, 2011 at 10:06 AM, Bruce Momjian wrote:
> >> > I applied the following documentation patch to clarify this issue, and
> >> > used generic wording "user with the proper permissions".
> >>
> >> That doesn't seem like an improvement; what permissions are proper?
> >
> > No idea, but it hints that other users can do it too.  I thought too
> > specific was too complex for this case.
>
> I disagree. I think it's the purpose of documentation to be specific.
> The code says:
>
>     /* Allow DROP to either table owner or schema owner */
>     if (!pg_class_ownercheck(relOid, GetUserId()) &&
>         !pg_namespace_ownercheck(classform->relnamespace, GetUserId()))
>         aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_CLASS,
>                        rel->relname);
>
> So the command can be executed by the owner of the table, the owner of
> the containing schema, or the superuser.
>
> That seems simple enough.

OK, done.

--
  Bruce Momjian        http://momjian.us
  EnterpriseDB         http://enterprisedb.com

  + It's impossible for everything to be true. +

diff --git a/doc/src/sgml/ref/drop_table.sgml b/doc/src/sgml/ref/drop_table.sgml new file mode 100644 index 239767f..fc51c7c *** a/doc/src/sgml/ref/drop_table.sgml --- b/doc/src/sgml/ref/drop_table.sgml *************** DROP TABLE [ IF EXISTS ] DROP TABLE removes tables from the database. ! Only its owner and users with the proper permissions can drop a table. To empty a table of rows without destroying the table, use or . --- 30,36 ---- DROP TABLE removes tables from the database. ! Only the table owner, the schema owner, and superuser can drop a table. To empty a table of rows without destroying the table, use or .
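
Review bot: In the replacement sentence "Only the table owner, the schema owner, and superuser can drop a table", "and superuser" is missing its article, and "can drop a table" still reads as a claim about anyone able to get rid of the table rather than about who may run the command. Consider "To execute this command, the current user must be the table owner, the owner of the containing schema, or a superuser", which follows the DROP FOREIGN DATA WRAPPER phrasing proposed earlier in the thread and matches the ownership check quoted from the code.
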
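
The ownership rule settled on in this thread (table owner, owner of the containing schema, or superuser) can be checked against a live database. The following is an added example, not part of the thread or of PostgreSQL's own code; the role, schema and table names are constructed for the demonstration, and it assumes a superuser session in a scratch database.

```sql
-- Constructed demo objects (hypothetical names); run as a superuser
-- in a scratch database.
CREATE ROLE schema_boss NOLOGIN;
CREATE ROLE table_owner NOLOGIN;
CREATE SCHEMA app AUTHORIZATION schema_boss;
GRANT USAGE, CREATE ON SCHEMA app TO table_owner;

-- table_owner creates a table inside a schema it does not own.
SET ROLE table_owner;
CREATE TABLE app.audit_log (id int, note text);
RESET ROLE;

-- Audit query: ordinary tables whose owner differs from the owner of
-- the containing schema. For each row, schema_owner can run DROP TABLE
-- on a table it does not own.
SELECT n.nspname                   AS schema_name,
       c.relname                   AS table_name,
       pg_get_userbyid(c.relowner) AS table_owner,
       pg_get_userbyid(n.nspowner) AS schema_owner
FROM pg_class c
JOIN pg_namespace n ON n.oid = c.relnamespace
WHERE c.relkind = 'r'
  AND c.relowner <> n.nspowner
  AND n.nspname NOT IN ('pg_catalog', 'information_schema')
ORDER BY schema_name, table_name;

-- The schema owner passes the ownership check quoted in the thread,
-- so this succeeds although schema_boss does not own the table.
SET ROLE schema_boss;
DROP TABLE app.audit_log;
RESET ROLE;

-- Clean up the demo objects.
DROP SCHEMA app;
DROP ROLE table_owner, schema_boss;
```

Run on its own, the audit query lists every table where a design that assumes "only the owner can drop it" does not hold.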