Laurenz Albe <laurenz.a...@cybertec.at> writes: > I realized only today that if role A is a member of role B, > A can ALTER and DROP objects owned by B. > I don't have a problem with that, but the documentation seems to > suggest otherwise. For example, for DROP TABLE:
> Only the table owner, the schema owner, and superuser can drop a table. Generally, if you are a member of a role, that means you are the role for privilege-test purposes. I'm not on board with adding "(or a member of that role)" to every place it could conceivably be added; I think that would be more annoying than helpful. It might be worth clarifying this point in section 5.7, https://www.postgresql.org/docs/devel/ddl-priv.html but let's not duplicate that in every ref/ page. regards, tom lane
