Re: [BUGS] BUG #14828: Security isn't working - Mailing list pgsql-bugs

From Tom Lane
Subject Re: [BUGS] BUG #14828: Security isn't working
Date
Msg-id 19762.1506360966@sss.pgh.pa.us
Whole thread Raw
In response to [BUGS] BUG #14828: Security isn't working  (randygrolemund@gmail.com)
List pgsql-bugs
randygrolemund@gmail.com writes:
> Another team member created a new db, and did not assign any users
> permission to that db. It appears at least one of the users (no super user
> permissions) can read and write to that db. It doesn't make any sense how
> this is working.

Well, as noted in the GRANT reference page, the default for a new database
is to grant CONNECT privilege to PUBLIC; if you don't like that you need
to revoke it, or (usually less desirable) use pg_hba.conf rules to
restrict access.  Depending on how much you want to lock down access,
you might also want to revoke TEMP privilege and/or remove or restrict
the "public" schema within that database.

If none of those are the problem then you need to provide considerably
more detail.  But so far I see nothing here that sounds like it's not
operating as designed.

https://www.postgresql.org/docs/current/static/bug-reporting.html
        regards, tom lane


-- 
Sent via pgsql-bugs mailing list (pgsql-bugs@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-bugs

pgsql-bugs by date:

Previous
From: "David E. Wheeler"
Date:
Subject: Re: [BUGS] BUG #14825: enum type: unsafe use?
Next
From: Дилян Палаузов
Date:
Subject: [BUGS] Re: Query planner skipping index depending on DISTINCT parameterorder (2)