Re: DROP TABLE can be issued by schema owner as well as table owner

On Fri, May 20, 2011 at 11:42 AM, Derrick Rice <derrick.rice@gmail.com> wrote:
> According to
>
> http://www.postgresql.org/docs/9.0/interactive/sql-droptable.html
>
> "DROP TABLE removes tables from the database. Only its owner can drop a
> table."
>
> In fact, the schema owner can drop the table, which is clearly stated here:
>
> http://www.postgresql.org/docs/9.0/interactive/sql-dropschema.html
>
> "A schema can only be dropped by its owner or a superuser. Note that the
> owner can drop the schema (and thereby all contained objects) even if he
> does not own some of the objects within the schema."

The sentence really should be written a way that indicates that we're
talking about who can execute this particular command, rather than who
can manage to accomplish the removal of the object.  I don't think
it's practical to document the latter.  We'd have to include:

- the owner of the table
- the superuser
- the schema owner, since they could drop the entire schema
- the database owner, since they could drop the entire database
- the system administrator, since they could delete the entire data
directory, or any part of it
- the person with physical control of the machine, since they could
remove and wipe the disk
- any world leader with access to nuclear weapons, since they could...
well, you get the idea

Even if we excluded the last few, it would be quite wordy to
recapitulate this for every object type.  I suggest we steal the
phraseology from "DROP FOREIGN DATA WRAPPER", which reads:

To execute this command, the current user must be the owner of the
foreign-data wrapper.

The phrase "to execute this command" makes the scope of what follows
clear: it's just who can run this command, NOT who might be able by
indirect means to get rid of the object.  To cover all bases, we could
add ", or the superuser" to the end of the sentence.

--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company