Why can I drop table when logged in as not owner?
-
29-09-2020 - |
문제
I read that only owner can drop table and no other user may be granted to do so.
I created a table with owner postgres
and then drop it as another user. What privileges should I revoke to disallow it?
The user has all the privileges granted by default in db properties but I don't see any "create table" or "drop table" privilege.
해결책
Superusers are always exempt from lowly permission checks. The documentation:
superuser status
A database superuser bypasses all permission checks, except the right to log in. This is a dangerous privilege and should not be used carelessly; ...
To see whether your current user is a superuser:
SHOW IS_SUPERUSER;
To list all superuser roles:
SELECT rolname FROM pg_roles WHERE rolsuper;
And the schema owner can do it, too. The documentation for DROP TABLE
:
Only the table owner, the schema owner, and superuser can drop a table.
To list schema-owners:
SELECT n.nspname AS schema_name, pg_get_userbyid(n.nspowner) AS owner
FROM pg_namespace n
WHERE n.nspname NOT LIKE 'pg_%'
AND n.nspname <> 'information_schema'
ORDER BY 1;
About the same as \dn
in psql.
SELECT current_user, session_user;