On 2022-Dec-01, Noah Misch wrote:
> This is free from the problem found in ddl-create-public-reorg-really.patch.
> However, the word "other" doesn't belong there. (The per-user schemas should
> not have public CREATE privilege.) I would also move that same sentence up
> front, like this:
>
> Constrain ordinary users to user-private schemas. To implement this
> pattern, first ensure that no schemas have public CREATE privileges.
> Then, for every user needing to create non-temporary objects, create a
> schema with the same name as that user. (Recall that the default search
> path starts with $user, which resolves to the user name. Therefore, if
> each user has a separate schema, they access their own schemas by
> default.) This pattern is a secure schema usage pattern unless an
> untrusted user is the database owner or holds the CREATEROLE privilege, in
> which case no secure schema usage pattern exists.
+1 LGTM
--
Álvaro Herrera PostgreSQL Developer — https://www.EnterpriseDB.com/