Kohei KaiGai <kai...@kaigai.gr.jp> writes: > However, it allows users to create a new schema with his ownership, > even if current user does not have permission to create a new schema. [...] > It seems to me that we should inject permission checks here like as > CreateSchemaCommand() doing.
It seems to me the code has been written this way before we relaxed the superuser only check in CREATE EXTENSION. I'm not enough into security to convince myself there's harm to protect against here, but I would agree there's a sound logic into refusing to create the schema if the current role isn't granted that operation. Please note, though, that you're effectively forbidding the role to create the extension. As it's not relocatable, the role will not be able to install it into another schema. Which could be exactly what you wanted to achieve. Regards, -- Dimitri Fontaine http://2ndQuadrant.fr PostgreSQL : Expertise, Formation et Support -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers