On Mon, Aug 11, 2025 at 1:55 PM Robert Haas <robertmhaas@gmail.com> wrote: > [ some review ]
Another thing that's occurring to me here is that nothing prevents other objects from making their way into the owned schema. Sure, if we create a new schema with nobody having any permissions, then only the creating role or some role that has its privileges can add anything in there. But that could happen by accident, or privileges could later be granted and somebody could add something into the extension schema after that. I wonder whether we should lock this down tighter somehow and altogether forbid creating objects in that schema except from an extension create/upgrade script for the owning extension.
I think that it would be too strict. One not too uncommon scenario is an extension in a dedicated schema that creates additional objects dynamically, for instance creating new partitions using triggers on one of the extension table. Such objects are not part of the extension and yet are in control of the extension.
As an example powa already relies on that a lot (it creates new tables if you register a new extension dynamically), and I'm about to add a feature that create/drops s a bunch of inherited tables via a trigger when a remote server is added / removed. I'm sure that there are a lot of other extensions doing something similar.
