Received: from maia.hub.org (maia-3.hub.org [200.46.204.243]) by mail.postgresql.org (Postfix) with ESMTP id 1D94FB5DBF5 for ; Sat, 15 Oct 2011 07:29:21 -0300 (ADT) Received: from mail.postgresql.org ([200.46.204.86]) by maia.hub.org (mx1.hub.org [200.46.204.243]) (amavisd-maia, port 10024) with ESMTP id 20861-10 for ; Sat, 15 Oct 2011 10:29:14 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.8.0-rc2 Received: from mail-qw0-f46.google.com (mail-qw0-f46.google.com [209.85.216.46]) by mail.postgresql.org (Postfix) with ESMTP id 414C3B5DBE0 for ; Sat, 15 Oct 2011 07:29:14 -0300 (ADT) Received: by qadb15 with SMTP id b15so1344599qad.19 for ; Sat, 15 Oct 2011 03:29:14 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; bh=aeUjre3N1y7hOPJBQxCgGqpilY8+VuCC/cPsnBZiF2I=; b=fO+PF5FTsVYTZgI0yO8yJ8coH9USqRqhhSt7diBRiOSF50BrePWEpzzkd2dzp7fWt7 mVn9uT6WqYRoQ4Z0vy4jlT9UrKmBYTwDhWRMo+/mSEneWwYPLnuBE874QONB6e+IWs5Q MBekcb2viKMo9woLUoX3UdZsDE6U+r+jpQ0Z4= MIME-Version: 1.0 Received: by 10.224.202.8 with SMTP id fc8mr10222320qab.10.1318674554104; Sat, 15 Oct 2011 03:29:14 -0700 (PDT) Received: by 10.224.100.70 with HTTP; Sat, 15 Oct 2011 03:29:14 -0700 (PDT) In-Reply-To: <201110141511.p9EFBXq01907@momjian.us> References: <201110141511.p9EFBXq01907@momjian.us> Date: Sat, 15 Oct 2011 06:29:14 -0400 Message-ID: Subject: Re: DROP TABLE can be issued by schema owner as well as table owner From: Robert Haas To: Bruce Momjian Cc: Derrick Rice , pgsql-docs@postgresql.org Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable X-Virus-Scanned: Maia Mailguard 1.0.1 X-Spam-Status: No, hits=-1.899 tagged_above=-5 required=5 tests=BAYES_00=-1.9, FREEMAIL_FROM=0.001 X-Spam-Level: X-Archive-Number: 201110/49 X-Sequence-Number: 7049 On Fri, Oct 14, 2011 at 11:11 AM, Bruce Momjian wrote: > Robert Haas wrote: >> On Thu, Oct 13, 2011 at 10:06 AM, Bruce Momjian wrote= : >> > I applied the following documentation patch to clarify this issue, and >> > used generic wording "user with the proper permissions". >> >> That doesn't seem like an improvement; what permissions are proper? > > No idea, but it hints that other users can do it too. =A0I thought too > specific was too complex for this case. I disagree. I think it's the purpose of documentation to be specific. The code says: /* Allow DROP to either table owner or schema owner */ if (!pg_class_ownercheck(relOid, GetUserId()) && !pg_namespace_ownercheck(classform->relnamespace, GetUserId())) aclcheck_error(ACLCHECK_NOT_OWNER, ACL_KIND_CLASS, rel->relname); So the command can be executed by the owner of the table, the owner of the containing schema, or the superuser. That seems simple enough. --=20 Robert Haas EnterpriseDB: http://www.enterprisedb.com The Enterprise PostgreSQL Company