Why the owner of a database can't alter the tables of this database that are owned by other owners?

Question

For now I don't understand why this access rights segregation exist. Is it implemented for some security reasons? Or can it be needed by some use cases I can't imagine right now?

Knowing almost nothing about the reasons behind concrete PostgreSQL design I wonder why prevent a database owner from altering those tables of the database owned that are owned by other owners.

Here's what the official documentation on altering tables says regarding who can alter tables of a database:

You must own the table to use ALTER TABLE.

Of course I don't argue the design or the documentation. I'm just wondering why it can be needed to limit a database owner that way?

score 1 · Answer 1 · answered Feb 14 '18 at 15:15

It is a security consideration. One way to get around it is to have all objects created by specific user(s) have default rights.

In my opinion you should limit what user(s) can do DDL in a database for a number of reasons. Primarily for security and controlling who/what user can do DDLs. For a small company / personal setup may not matter, but the second you have multiple people working on a DB can get pretty chaotic if you don't control it.

Why the owner of a database can't alter the tables of this database that are owned by other owners?

1 Answers1