Re: DROP TABLE can be issued by schema owner as well as table owner - Mailing list pgsql-docs
| From | Bruce Momjian |
|---|---|
| Subject | Re: DROP TABLE can be issued by schema owner as well as table owner |
| Date | |
| Msg-id | 201110131406.p9DE6uC25539@momjian.us Whole thread Raw |
| In response to | Re: DROP TABLE can be issued by schema owner as well as table owner (Robert Haas <robertmhaas@gmail.com>) |
| Responses |
Re: DROP TABLE can be issued by schema owner as well as table owner
|
| List | pgsql-docs |
Robert Haas wrote: > On Fri, May 20, 2011 at 11:42 AM, Derrick Rice <derrick.rice@gmail.com> wrote: > > According to > > > > http://www.postgresql.org/docs/9.0/interactive/sql-droptable.html > > > > "DROP TABLE removes tables from the database. Only its owner can drop a > > table." > > > > In fact, the schema owner can drop the table, which is clearly stated here: > > > > http://www.postgresql.org/docs/9.0/interactive/sql-dropschema.html > > > > "A schema can only be dropped by its owner or a superuser. Note that the > > owner can drop the schema (and thereby all contained objects) even if he > > does not own some of the objects within the schema." > > The sentence really should be written a way that indicates that we're > talking about who can execute this particular command, rather than who > can manage to accomplish the removal of the object. I don't think > it's practical to document the latter. We'd have to include: > > - the owner of the table > - the superuser > - the schema owner, since they could drop the entire schema > - the database owner, since they could drop the entire database > - the system administrator, since they could delete the entire data > directory, or any part of it > - the person with physical control of the machine, since they could > remove and wipe the disk > - any world leader with access to nuclear weapons, since they could... > well, you get the idea > > Even if we excluded the last few, it would be quite wordy to > recapitulate this for every object type. I suggest we steal the > phraseology from "DROP FOREIGN DATA WRAPPER", which reads: > > To execute this command, the current user must be the owner of the > foreign-data wrapper. > > The phrase "to execute this command" makes the scope of what follows > clear: it's just who can run this command, NOT who might be able by > indirect means to get rid of the object. To cover all bases, we could > add ", or the superuser" to the end of the sentence. I applied the following documentation patch to clarify this issue, and used generic wording "user with the proper permissions". -- Bruce Momjian <bruce@momjian.us> http://momjian.us EnterpriseDB http://enterprisedb.com + It's impossible for everything to be true. + diff --git a/doc/src/sgml/ref/drop_table.sgml b/doc/src/sgml/ref/drop_table.sgml new file mode 100644 index 26fe76e..239767f *** a/doc/src/sgml/ref/drop_table.sgml --- b/doc/src/sgml/ref/drop_table.sgml *************** DROP TABLE [ IF EXISTS ] <replaceable cl *** 30,36 **** <para> <command>DROP TABLE</command> removes tables from the database. ! Only its owner can drop a table. To empty a table of rows without destroying the table, use <xref linkend="sql-delete"> or <xref linkend="sql-truncate">. </para> --- 30,37 ---- <para> <command>DROP TABLE</command> removes tables from the database. ! Only its owner and users with the proper permissions can drop a ! table. To empty a table of rows without destroying the table, use <xref linkend="sql-delete"> or <xref linkend="sql-truncate">. </para>
pgsql-docs by date: