On Tue, Aug 24, 2021 at 9:20 PM Tom Lane <t...@sss.pgh.pa.us> wrote: > "David G. Johnston" <david.g.johns...@gmail.com> writes: > > On Tue, Aug 24, 2021 at 8:51 PM Li EF Zhang <bjzha...@cn.ibm.com> wrote: > >> Thanks for your answer. My doubt is that since an ordinary user creates > >> the extension, shouldn't be this user the owner of the objects created > >> within the extension? > > > While that is a possible implementation choice, that isn't what was > chosen. > > Let's be clear here: that is not some random implementor's decision. > That is *necessary*, else the feature is completely insecure. > > Fair. Additionally, an extension that wishes for ordinary users to perform limited configuration can always supply a security definer function to facilitate such a change. Though I'm unsure how/if it would go about arranging role permissions without requiring a superuser.
David J.
