The following bug has been logged on the website:
Bug reference: 14131
Logged by: digoal
Email address: digoal@126.com
PostgreSQL version: 9.5.2
Operating system: CentOS 6.x x64
Description:
According to the SQL standard, the owner of a schema always owns all objects
within it. PostgreSQL allows schemas to contain objects owned by users other
than the schema owner. This can happen only if the schema owner grants the
CREATE privilege on his schema to someone else, or a superuser chooses to
create objects in it.
postgres=# create role r1 login;
CREATE ROLE
postgres=# create role r2 login;
CREATE ROLE
postgres=# grant all on database postgres to r1;
GRANT
postgres=# grant all on database postgres to r2;
GRANT
postgres=# \c postgres r1;
postgres=> create schema r1;
CREATE SCHEMA
postgres=> grant all on schema r1 to r2;
GRANT
postgres=> \c postgres r2;
postgres=> create table r1.t(id int);
CREATE TABLE
postgres=> \c postgres postgres
postgres=# create table r1.t1(id int);
CREATE TABLE
postgres=# \c postgres r1
postgres=> drop table r1.t;
DROP TABLE
postgres=> drop table r1.t1;
DROP TABLE
schema r1's owenr is r1.
i create two table in schema r1, these table's owner is r2 and postgres. but
schema r1's owner r1 can drop r2 and postgres's table in schema r1.
it's so bad for dba?
