Adrian Klaver <adrian.klaver@aklaver.com> writes:
> On 06/02/2015 11:04 AM, Steve Pribyl wrote:
>> I have noted that "GRANT ALL ON SCHEMA public TO public" is granted
>> on postgres.schemas.public. I am looking at this in pgadmin so excuse
>> my nomenclature.
>> Is this what is allowing write access to the database?
> Yes, though that should not be the default.
Huh? Of course it's the default. I'm not really sure why the OP is
surprised at this. A database that won't let you create any tables
is not terribly useful.
If you don't like this, you can get rid of the database's public schema
and/or restrict who has CREATE permissions on it. But I can't see us
shipping a default configuration in which only superusers can create
tables. That would just encourage people to operate as superusers, which
overall would be much less secure.
regards, tom lane
