public inbox for [email protected]
help / color / mirror / Atom feedFrom: Derrick Rice <[email protected]>
To: [email protected]
Subject: DROP TABLE can be issued by schema owner as well as table owner
Date: Fri, 20 May 2011 11:42:32 -0400
Message-ID: <[email protected]> (raw)
According to
http://www.postgresql.org/docs/9.0/interactive/sql-droptable.html
"DROP TABLE removes tables from the database. Only its owner can drop a
table."
In fact, the schema owner can drop the table, which is clearly stated here:
http://www.postgresql.org/docs/9.0/interactive/sql-dropschema.html
"A schema can only be dropped by its owner or a superuser. Note that the
owner can drop the schema (and thereby all contained objects) even if he
does not own some of the objects within the schema."
There are likely other places besides the DROP TABLE page which can be
misleading with regard to ability to drop a table. This should be made more
clear, since in (possibly contrived) circumstances, being able to drop a
table and recreate an exactly similar table may be a vulnerability (if the
design assumed the table could only be dropped by the owner).
(Just joined the list to post this -- sorry if it has already been brought
up)
Derrick
view thread (12+ messages) latest in thread
reply
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Reply to all the recipients using the --to and --cc options:
reply via email
To: [email protected]
Cc: [email protected]
Subject: Re: DROP TABLE can be issued by schema owner as well as table owner
In-Reply-To: <[email protected]>
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox