Ah, I didn't realize that was an option on the function. They're already being created by a trigger (the table is partitioned on a foreign key, so partitions are created by a trigger on the referenced table); it sounds like I can just update that trigger function with `security definer`.
-Sam https://git.sr.ht/~nelsam https://github.com/nelsam "As an adolescent I aspired to lasting fame, I craved factual certainty, and I thirsted for a meaningful vision of human life -- so I became a scientist. This is like becoming an archbishop so you can meet girls." -- Matt Cartmill On Thu, Feb 4, 2021 at 4:42 PM David G. Johnston <david.g.johns...@gmail.com> wrote: > On Thu, Feb 4, 2021 at 3:39 PM Samuel Nelson <valczir.darkv...@gmail.com> > wrote: > >> I've been trying to restrict permissions of some users in our system and >> noticed that `create table foo partition of bar for values from (x) to (y)` >> complains that I must be the owner of the table. Is there another GRANT I >> can give to my user to allow creation and dropping of partitions without >> allowing them to drop the parent table? >> > > > I doubt it...might want to consider writing a security definer function > that you can give them permission to run instead of having them do things > directly. > > David J. >
