Laurenz Albe <laurenz.albe@cybertec.at> writes:
> I realized only today that if role A is a member of role B,
> A can ALTER and DROP objects owned by B.
> I don't have a problem with that, but the documentation seems to
> suggest otherwise. For example, for DROP TABLE:
> Only the table owner, the schema owner, and superuser can drop a table.
Generally, if you are a member of a role, that means you are the role for
privilege-test purposes. I'm not on board with adding "(or a member of
that role)" to every place it could conceivably be added; I think that
would be more annoying than helpful.
It might be worth clarifying this point in section 5.7,
https://www.postgresql.org/docs/devel/ddl-priv.html
but let's not duplicate that in every ref/ page.
regards, tom lane
