Home > mailing lists

Re: Why does the owner of a publication need CREATE privileges on the database? - Mailing list pgsql-hackers

From	Tom Lane
Subject	Re: Why does the owner of a publication need CREATE privileges on the database?
Date	August 10, 2021 18:21:28
Msg-id	3786970.1628608888@sss.pgh.pa.us Whole thread Raw
In response to	Re: Why does the owner of a publication need CREATE privileges on the database? (Amit Kapila <amit.kapila16@gmail.com>)
List	pgsql-hackers

Tree view

Amit Kapila <amit.kapila16@gmail.com> writes:
> On Tue, Jul 27, 2021 at 11:29 PM Mark Dilger
> <mark.dilger@enterprisedb.com> wrote:
>> The documentation for ALTER PUBLICATION ... OWNER TO ... claims the new owner must have CREATE privilege on the
database,though superuser can change the ownership in spite of this restriction.  No explanation is given for this
requirement.

> I am not aware of the original thought process behind this but current
> behavior seems reasonable because if users need to have CREATE
> privilege on the database while Create Publication, the same should be
> true while we change the owner to a new owner.

I think that for most (all?) forms of ALTER, we say that you need the same
privileges as you would need to drop the existing object and create a new
one with the new properties.  From the standpoint of the privilege
system, ALTER is just a shortcut for that.

            regards, tom lane

pgsql-hackers by date:

From: Fujii Masao
Date: 10 August 2021, 18:21:11
Subject: Re: RFC: Logging plan of the running query

From: Robert Haas
Date: 10 August 2021, 18:25:55
Subject: Re: when the startup process doesn't (logging startup delays)

Re: Why does the owner of a publication need CREATE privileges on the database? - Mailing list pgsql-hackers

Previous

Next