Re: Role membership and DROP - Mailing list pgsql-hackers

Laurenz Albe <laurenz.albe@cybertec.at> writes:
> On Fri, 2019-11-15 at 13:41 -0500, Tom Lane wrote:
>> Laurenz Albe <laurenz.albe@cybertec.at> writes:
>>> On Wed, 2019-11-13 at 17:17 -0500, Tom Lane wrote:
>>>> It might be worth clarifying this point in section 5.7,
>>>> https://www.postgresql.org/docs/devel/ddl-priv.html

> I like your second sentence, but I think that "the right ... is inherent
> in being the ... owner" is unnecessarily complicated.
> Removing the "always" and "only" makes the apparent contradiction between
> the sentences less jarring to me.

I think it's important to emphasize that this is implicit in object
ownership.

Looking at the page again, I notice that there's a para a little further
down that overlaps quite a bit with what we're discussing here, but it's
about implicit grant options rather than the right to DROP.  In the
attached, I reworded that too, and moved it because it's not fully
intelligible until we've explained grant options.  Thoughts?

            regards, tom lane

diff --git a/doc/src/sgml/ddl.sgml b/doc/src/sgml/ddl.sgml
index 9d6ec2c..0be0774 100644
--- a/doc/src/sgml/ddl.sgml
+++ b/doc/src/sgml/ddl.sgml
@@ -1578,8 +1578,10 @@ ALTER TABLE products RENAME TO items;
   </para>

   <para>
-   The right to modify or destroy an object is always the privilege of
-   the owner only.
+   The right to modify or destroy an object is inherent in being the
+   object's owner, and cannot be granted or revoked in itself.
+   (However, like all privileges, that right can be inherited by
+   members of the owning role; see <xref linkend="role-membership"/>.)
   </para>

   <para>
@@ -1614,17 +1616,11 @@ GRANT UPDATE ON accounts TO joe;
   </para>

   <para>
-   To revoke a privilege, use the fittingly named
+   To revoke a previously-granted privilege, use the fittingly named
    <xref linkend="sql-revoke"/> command:
 <programlisting>
 REVOKE ALL ON accounts FROM PUBLIC;
 </programlisting>
-   The special privileges of the object owner (i.e., the right to do
-   <command>DROP</command>, <command>GRANT</command>, <command>REVOKE</command>, etc.)
-   are always implicit in being the owner,
-   and cannot be granted or revoked.  But the object owner can choose
-   to revoke their own ordinary privileges, for example to make a
-   table read-only for themselves as well as others.
   </para>

   <para>
@@ -1639,6 +1635,13 @@ REVOKE ALL ON accounts FROM PUBLIC;
   </para>

   <para>
+   An object's owner can choose to revoke their own ordinary privileges,
+   for example to make a table read-only for themselves as well as others.
+   But owners are always treated as holding all grant options, so they
+   can always re-grant their own privileges.
+  </para>
+
+  <para>
    The available privileges are:

    <variablelist>