Thread: BUG #15095: schema's owner can drop object's in his schema

BUG #15095: schema's owner can drop object's in his schema

From

PG Bug reporting form

Date:

02 March 2018, 15:14:47

The following bug has been logged on the website:

Bug reference:      15095
Logged by:          Zhou Digoal
Email address:      digoal@126.com
PostgreSQL version: 10.2
Operating system:   centos 7.x x64
Description:

Schema's owner can drop object's in his schema, I think this is an risk if
multi-user use the same schema. 

exp:

```
postgres=# create database pp owner postgres;
CREATE DATABASE
postgres=# grant create on database pp to pp;
GRANT
postgres=# \c pp pp
You are now connected to database "pp" as user "pp".
pp=> create schema abc;
CREATE SCHEMA
pp=> \c pp postgres
You are now connected to database "pp" as user "postgres".
pp=# create table abc.a(id int);
CREATE TABLE
pp=# insert into abc.a values (1);
INSERT 0 1
pp=# \c pp pp
You are now connected to database "pp" as user "pp".
pp=> select * from abc.a;
ERROR:  permission denied for relation a
pp=> drop table abc.a;
DROP TABLE
```

best regards,
digoal.

Re: BUG #15095: schema's owner can drop object's in his schema

From

Tom Lane

Date:

02 March 2018, 20:46:39

=?utf-8?q?PG_Bug_reporting_form?= <noreply@postgresql.org> writes:
> Schema's owner can drop object's in his schema, I think this is an risk if
> multi-user use the same schema. 

This is not a bug, it's a documented behavior.  It's not much different
from the fact that a database owner can drop his database.

            regards, tom lane