BUG #15095: schema's owner can drop object's in his schema

Started by PG Bug reporting formabout 8 years ago2 messagesbugs

noreply@postgresql.org

about 8 years ago

The following bug has been logged on the website:

Bug reference: 15095
Logged by: Zhou Digoal
Email address: digoal@126.com
PostgreSQL version: 10.2
Operating system: centos 7.x x64
Description:

Schema's owner can drop object's in his schema, I think this is an risk if
multi-user use the same schema.

exp:

```
postgres=# create database pp owner postgres;
CREATE DATABASE
postgres=# grant create on database pp to pp;
GRANT
postgres=# \c pp pp
You are now connected to database "pp" as user "pp".
pp=> create schema abc;
CREATE SCHEMA
pp=> \c pp postgres
You are now connected to database "pp" as user "postgres".
pp=# create table abc.a(id int);
CREATE TABLE
pp=# insert into abc.a values (1);
INSERT 0 1
pp=# \c pp pp
You are now connected to database "pp" as user "pp".
pp=> select * from abc.a;
ERROR: permission denied for relation a
pp=> drop table abc.a;
DROP TABLE
```

best regards,
digoal.

Tom Lane

tgl@sss.pgh.pa.us

about 8 years ago

In reply to: PG Bug reporting form (#1)

Re: BUG #15095: schema's owner can drop object's in his schema

=?utf-8?q?PG_Bug_reporting_form?= <noreply@postgresql.org> writes:

Schema's owner can drop object's in his schema, I think this is an risk if
multi-user use the same schema.

This is not a bug, it's a documented behavior. It's not much different
from the fact that a database owner can drop his database.

regards, tom lane