Re: Role membership and DROP

Laurenz Albe <laurenz.albe@cybertec.at> writes:
> I realized only today that if role A is a member of role B,
> A can ALTER and DROP objects owned by B.
> I don't have a problem with that, but the documentation seems to
> suggest otherwise.  For example, for DROP TABLE:

>    Only the table owner, the schema owner, and superuser can drop a table.

Generally, if you are a member of a role, that means you are the role for
privilege-test purposes.  I'm not on board with adding "(or a member of
that role)" to every place it could conceivably be added; I think that
would be more annoying than helpful.

It might be worth clarifying this point in section 5.7,

https://www.postgresql.org/docs/devel/ddl-priv.html

but let's not duplicate that in every ref/ page.

            regards, tom lane