On Wed, Mar 07, 2018 at 09:22:16AM -0500, Peter Eisentraut wrote:
> On 3/6/18 15:20, Robert Haas wrote:
> > On Sat, Mar 3, 2018 at 4:56 AM, Noah Misch <noah@leadboat.com> wrote:
> >> I propose, for v11, switching to "GRANT USAGE ON SCHEMA
> >> public TO PUBLIC" (omit CREATE). Concerns? An alternative is to change the
> >> default search_path to "$user"; that would be break more applications, and I
> >> don't see an advantage to compensate for that.
> >
> > Isn't this going to cause widespread breakage? Unprivileged users
> > will suddenly find that they can no longer create tables, because
> > $user doesn't exist and they don't have permission on public. That
> > seems quite unfriendly.
>
> Moreover, the problem is that if you have database owners that are not
> superusers, they can't easily fix the issue themselves. Since the
> public schema is owned by postgres, they database owner can't just go in
> and run GRANT CREATE ON SCHEMA PUBLIC TO whomever to restore the old
> behavior or grant specific access. It would be simpler if we didn't
> install a public schema by default at all.
That's a good point. Worse, a user with CREATEDB privilege would be able to
create new databases and immediately create and use any schema _except_
public. That is rather silly.