Re: default privileges wording - Mailing list pgsql-hackers

From David Fetter
Subject Re: default privileges wording
Date
Msg-id 20110629211631.GD2111@fetter.org
In response to Re: default privileges wording  (Alvaro Herrera <alvherre@commandprompt.com>)
Responses Re: default privileges wording
List pgsql-hackers
On Wed, Jun 29, 2011 at 04:49:15PM -0400, Alvaro Herrera wrote:
> Excerpts from Robert Haas's message of mié jun 29 13:42:34 -0400 2011:
> 
> > > How about this?
> > >
> > > Some types of objects deny all privileges to PUBLIC by default.
> > > These are tables, columns, schemas and tablespaces.  For other
> > > types, the default privileges granted to PUBLIC are as follows:
> > > CONNECT privilege and TEMP table creation privilege for
> > > databases; EXECUTE privilege for functions; and USAGE privilege
> > > for languages.  The object owner can, of course, revoke both
> > > default and expressly granted privileges.
> > 
> > Or, since I find the use of the word "deny" a bit unclear:
> > 
> > When a table, column, schema, or tablespace is created, no
> > privileges are granted to PUBLIC.  But for other objects, some
> > privileges will be granted to PUBLIC automatically at the time the
> > object is created: CONNECT privilege and TEMP table creation
> > privilege for database, ...  <etc., the rest as you have it>
> 
> Hmm, I like David's suggestion better, but I agree with you that
> "deny" isn't the right verb there.  I have no better suggestions at
> the moment though.

I chose "deny" in the sense of "default deny," which is a term of art
in security engineering referring to an access control policy.

http://en.wikipedia.org/wiki/Security_engineering#Security_stance

Cheers,
David.
-- 
David Fetter <david@fetter.org> http://fetter.org/
Phone: +1 415 235 3778  AIM: dfetter666  Yahoo!: dfetter
Skype: davidfetter      XMPP: david.fetter@gmail.com
iCal: webcal://www.tripit.com/feed/ical/people/david74/tripit.ics

Remember to vote!
Consider donating to Postgres: http://www.postgresql.org/about/donate
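
The default PUBLIC grants discussed in this message, audited and then revoked to reach a default-deny stance for databases and functions, as an added example that is not part of the original message or of the PostgreSQL documentation. The database appdb, schema app and role app_user are constructed names, and the queries assume a PostgreSQL version that provides LATERAL and acldefault().

```sql
-- Added example. appdb, app and app_user are constructed names.
-- Run as the owner of the objects, connected to appdb.

-- Audit: functions in schema app that PUBLIC may execute. A NULL proacl
-- means the built-in default ACL applies, so expand it with acldefault().
SELECT p.oid::regprocedure AS func, a.privilege_type
FROM pg_proc p
JOIN pg_namespace n ON n.oid = p.pronamespace
CROSS JOIN LATERAL
     aclexplode(COALESCE(p.proacl, acldefault('f', p.proowner))) AS a
WHERE n.nspname = 'app'
  AND a.grantee = 0;          -- grantee OID 0 stands for PUBLIC

-- Same audit for the database-level defaults (CONNECT, TEMPORARY).
SELECT d.datname, a.privilege_type
FROM pg_database d
CROSS JOIN LATERAL
     aclexplode(COALESCE(d.datacl, acldefault('d', d.datdba))) AS a
WHERE d.datname = 'appdb'
  AND a.grantee = 0;

-- Revoke what PUBLIC received automatically on existing objects.
REVOKE CONNECT, TEMPORARY ON DATABASE appdb FROM PUBLIC;
REVOKE EXECUTE ON ALL FUNCTIONS IN SCHEMA app FROM PUBLIC;

-- Stop functions created later by the current role from being granted
-- to PUBLIC at creation time. This must be the global form: a per-schema
-- ALTER DEFAULT PRIVILEGES cannot remove a privilege granted globally.
ALTER DEFAULT PRIVILEGES REVOKE EXECUTE ON FUNCTIONS FROM PUBLIC;

-- Grant back only what the application role needs.
GRANT CONNECT ON DATABASE appdb TO app_user;
GRANT USAGE ON SCHEMA app TO app_user;
GRANT EXECUTE ON ALL FUNCTIONS IN SCHEMA app TO app_user;
```

Re-running the two audit queries after the REVOKE statements should return no rows for PUBLIC.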

