From: Bruce Momjian
Message-Id: <201110131406.p9DE6uC25539@momjian.us>
Subject: Re: DROP TABLE can be issued by schema owner as well as table owner
To: Robert Haas
Date: Thu, 13 Oct 2011 10:06:56 -0400 (EDT)
CC: Derrick Rice, pgsql-docs@postgresql.org

Robert Haas wrote:
> On Fri, May 20, 2011 at 11:42 AM, Derrick Rice wrote:
> > According to
> >
> > http://www.postgresql.org/docs/9.0/interactive/sql-droptable.html
> >
> > "DROP TABLE removes tables from the database. Only its owner can drop a
> > table."
> >
> > In fact, the schema owner can drop the table, which is clearly stated here:
> >
> > http://www.postgresql.org/docs/9.0/interactive/sql-dropschema.html
> >
> > "A schema can only be dropped by its owner or a superuser. Note that the
> > owner can drop the schema (and thereby all contained objects) even if he
> > does not own some of the objects within the schema."
>
> The sentence really should be written in a way that indicates that we're
> talking about who can execute this particular command, rather than who
> can manage to accomplish the removal of the object. I don't think
> it's practical to document the latter. We'd have to include:
>
> - the owner of the table
> - the superuser
> - the schema owner, since they could drop the entire schema
> - the database owner, since they could drop the entire database
> - the system administrator, since they could delete the entire data
> directory, or any part of it
> - the person with physical control of the machine, since they could
> remove and wipe the disk
> - any world leader with access to nuclear weapons, since they could...
> well, you get the idea
>
> Even if we excluded the last few, it would be quite wordy to
> recapitulate this for every object type. I suggest we steal the
> phraseology from "DROP FOREIGN DATA WRAPPER", which reads:
>
> To execute this command, the current user must be the owner of the
> foreign-data wrapper.
>
> The phrase "to execute this command" makes the scope of what follows
> clear: it's just who can run this command, NOT who might be able by
> indirect means to get rid of the object. To cover all bases, we could
> add ", or the superuser" to the end of the sentence.

I applied the following documentation patch to clarify this issue, and
used generic wording "user with the proper permissions".

--
  Bruce Momjian  http://momjian.us
  EnterpriseDB   http://enterprisedb.com

  + It's impossible for everything to be true. +

diff --git a/doc/src/sgml/ref/drop_table.sgml b/doc/src/sgml/ref/drop_table.sgml new file mode 100644 index 26fe76e..239767f *** a/doc/src/sgml/ref/drop_table.sgml --- b/doc/src/sgml/ref/drop_table.sgml *************** DROP TABLE [ IF EXISTS ] DROP TABLE removes tables from the database. ! Only its owner can drop a table. To empty a table of rows without destroying the table, use or . --- 30,37 ---- DROP TABLE removes tables from the database. ! Only its owner and users with the proper permissions can drop a ! table. To empty a table of rows without destroying the table, use or . --ELM1318514816-1529-7_--
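
Review bot: In the replacement sentence of the 30,37 hunk, "users with the proper permissions" does not say which permissions are meant, so a reader still cannot tell from this page who is allowed to run DROP TABLE. The thread already names the relevant cases (the table owner, the schema owner, the superuser) and proposes the "To execute this command, the current user must be ..." phrasing from DROP FOREIGN DATA WRAPPER. Listing those roles explicitly in that form would answer the original report, and it would avoid implying that there is some separate permission an administrator could grant.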