From: Laurenz Albe <[email protected]>
To: Tom Lane <[email protected]>
Cc: [email protected]
Cc: [email protected]
Subject: Re: Role membership and DROP
Date: Mon, 18 Nov 2019 15:40:51 +0100
Message-ID: <[email protected]> (raw)
In-Reply-To: <[email protected]>
References: <[email protected]>
	<[email protected]>
	<[email protected]>
	<[email protected]>

On Fri, 2019-11-15 at 13:41 -0500, Tom Lane wrote:
> Laurenz Albe <[email protected]> writes:
> > On Wed, 2019-11-13 at 17:17 -0500, Tom Lane wrote:
> > > It might be worth clarifying this point in section 5.7,
> > > https://www.postgresql.org/docs/devel/ddl-priv.html
> > > but let's not duplicate that in every ref/ page.
> > I have attached a proposed patch.
> 
>    <para>
>     The right to modify or destroy an object is always the privilege of
> -   the owner only.
> +   the owner.  Like all privileges, that right can be inherited by members of
> +   the owning role.
>    </para>
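Review bot: The unchanged context line above the change still reads "is always the privilege of", so with the new "+" sentence the paragraph says the right is always the owner's and then that members of the owning role can inherit it. Dropping "always" together with "only" would remove that tension. The new sentence also introduces "members of the owning role" with nothing pointing the reader to where role membership is explained.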
> 
> Hm.  This is more or less contradicting the original meaning of the
> existing sentence, so maybe we need to rewrite a bit more.  What do
> you think of
> 
>     The right to modify or destroy an object is inherent in being the
>     object's owner.  Like all privileges, that right can be inherited by
>     members of the owning role; but there is no way to grant or revoke
>     it more selectively.
> 
> A larger problem (pre-existing, since there's a reference to being a
> member of the owning role just a bit further down) is that I don't think
> we've defined role membership at this point, so the reader is quite
> entitled to come away more confused than they were before.  It might not
> be advisable to try to cover role membership here, but we should at
> least add a cross-reference to where it's explained.

I think you are right about the potential confusion; I have added a
cross-reference.  That cross-reference is hopefully still in short-term
memory when the reader proceeds to the second reference to role membership
a few sentences later.

I like your second sentence, but I think that "the right ... is inherent
in being the ... owner" is unnecessarily complicated.
Removing the "always" and "only" makes the apparent contradiction between
the sentences less jarring to me.

I won't fight about words though.  Attached is my second attempt.

Yours,
Laurenz Albe


Attachments:

  [text/x-patch] 0001-Document-that-the-right-to-ALTER-or-DROP-is-hereditary.V2.patch (1.0K, 2-0001-Document-that-the-right-to-ALTER-or-DROP-is-hereditary.V2.patch)
  download | inline diff:
From 2e3abaaa3b0a5deb006d2210c3e66f5b3571bfd2 Mon Sep 17 00:00:00 2001
From: Laurenz Albe <[email protected]>
Date: Mon, 18 Nov 2019 15:23:10 +0100
Subject: [PATCH] Document that the right to ALTER or DROP is hereditary

Discussion: https://postgr.es/m/[email protected]
---
 doc/src/sgml/ddl.sgml | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/doc/src/sgml/ddl.sgml b/doc/src/sgml/ddl.sgml
index 9d6ec2c738..030c896f82 100644
--- a/doc/src/sgml/ddl.sgml
+++ b/doc/src/sgml/ddl.sgml
@@ -1578,8 +1578,10 @@ ALTER TABLE products RENAME TO items;
   </para>
 
   <para>
-   The right to modify or destroy an object is always the privilege of
-   the owner only.
+   The right to modify or destroy an object is the privilege of the owner.
+   Like all privileges, that right can be inherited by members of the owning role,
+   but there is no way to grant or revoke it more selectively.
+   See <xref linkend="role-membership"/> for more about role membership.
   </para>
 
   <para>
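Review bot: The first two "+" lines call the right "the privilege of the owner" and liken it to "all privileges", while the third says it cannot be granted or revoked; a reader may still look for a GRANT that confers it, so consider stating outright that membership in the owning role is the only way to acquire it. The second "+" line ("Like all privileges, ... the owning role,") also runs well past the width of the other lines in this paragraph and should be rewrapped. The hunk does not show where linkend="role-membership" is defined, so confirm that id resolves before this is applied.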
-- 
2.21.0
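
The behaviour this message is trying to document, as an added SQL example that is not part of the original e-mail or of the PostgreSQL documentation. Role and table names are constructed, and it assumes a superuser session in a scratch database.

```sql
-- Constructed names throughout; run as a superuser in a throwaway database.
CREATE ROLE app_owner NOLOGIN;
CREATE ROLE alice LOGIN INHERIT;
GRANT app_owner TO alice;            -- alice becomes a member of the owning role

CREATE TABLE demo_items (id integer PRIMARY KEY);
ALTER TABLE demo_items OWNER TO app_owner;

-- Remove every grantable privilege alice could hold on the table.
-- This does not touch the owner's right to ALTER or DROP.
REVOKE ALL ON demo_items FROM alice, PUBLIC;

SET SESSION AUTHORIZATION alice;
ALTER TABLE demo_items ADD COLUMN note text;  -- succeeds: inherited through membership
RESET SESSION AUTHORIZATION;

-- Audit: which roles are direct members of a role that owns a table,
-- and can therefore modify or drop it?
SELECT c.relname,
       o.rolname AS owner,
       m.rolname AS member_with_owner_rights
FROM pg_class c
JOIN pg_roles o         ON o.oid = c.relowner
JOIN pg_auth_members am ON am.roleid = o.oid
JOIN pg_roles m         ON m.oid = am.member
WHERE c.relkind = 'r'
  AND c.relname = 'demo_items';

-- The only way to withdraw the right is to end the membership.
REVOKE app_owner FROM alice;

SET SESSION AUTHORIZATION alice;
DROP TABLE demo_items;               -- now fails with a "must be owner" error
RESET SESSION AUTHORIZATION;

-- Cleanup.
DROP TABLE demo_items;
DROP ROLE alice;
DROP ROLE app_owner;
```

The audit query lists direct members only; roles that reach the owning role through a chain of memberships need a recursive walk of `pg_auth_members`.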


