I am confused about schema owners in Postgres.
When I create a schema with the owner defined by the AUTHORIZATION
keyword, owner can create objects in that schema (no explicit privileges are shown on that schema in pgAdmin4).
But when I alter the schema owner to another role, this role cannot create objects in that schema (until I explicitly grant USAGE
and CREATE
).
I suppose, that schema owner has implicit privileges to do anything with schema. What is the right way to change schema ownerschip?
Best Answer
No, that is not the case. The manual on
GRANT
:Bold emphasis mine.
There are also no default privileges for
public
:So even the owner needs privileges for a schema - which are given by default! If all you do is:
Or:
Then default privileges are NULL, i.e. default to system defaults (which is
USAGE
andCREATE
for the owner of a schema). The manual onGRANT
:If you revoke privileges from the owner (can be done by owner himself or superuser), then the role does not have these privileges. (But the owner can always grant these privileges to himself as well.) And if you assign a new owner, the status is inherited:
You'll now see an empty array (
{}
) instead of NULL:(pgAdmin4 reads from the same system table.)
If you did not explicitly revoke
USAGE
andCREATE
, then the new owner has these privileges, too. That's what's confusing in your description. Did you revoke privileges from the old or new owner?