Re: "REVOKE ... ON DATABASE template1 ..." has no effect - Mailing list pgsql-bugs

From Tom Lane
Subject Re: "REVOKE ... ON DATABASE template1 ..." has no effect
Date
Msg-id 20865.1526312585@sss.pgh.pa.us
In response to "REVOKE ... ON DATABASE template1 ..." has no effect  (Ralf Jung <post@ralfj.de>)
Responses Re: "REVOKE ... ON DATABASE template1 ..." has no effect  (Gavin Flower <GavinFlower@archidevsys.co.nz>)
Re: "REVOKE ... ON DATABASE template1 ..." has no effect  (Ralf Jung <post@ralfj.de>)
List pgsql-bugs
Ralf Jung <post@ralfj.de> writes:
> I would have expected a "REVOKE ALL ON DATABASE template1" to have the effect of
> changing the default permissions for new databases.

This is not a bug, and I don't think it's a reasonable expectation either.
There's certainly plenty of reasons why you might wish to lock people out
of template1, but that doesn't equate to supposing that people should be
locked out of every new database.  Nor do we copy most other
database-level attributes when cloning a database (the exceptions are
things that affect the database contents, such as encoding).

There might be an argument for extending ALTER DEFAULT PRIVILEGES so that
it can control the initial default privileges for new databases.  That's
certainly a feature request not a bug though.

            regards, tom lane
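
The behaviour described in the message above, as an added psql example that is not part of the original message: the ACL set on template1 is not copied to a database cloned from it, so each new database has to be locked down explicitly and audited. The names app_db and app_role are hypothetical, and the script assumes a superuser session with no other connections to template1.

```sql
-- Constructed demonstration; app_db and app_role are hypothetical names.
-- Run as a superuser from psql (CREATE DATABASE cannot run inside a transaction block).

REVOKE ALL ON DATABASE template1 FROM PUBLIC;
CREATE DATABASE app_db TEMPLATE template1;

-- template1 now carries an explicit ACL without a PUBLIC entry.
-- app_db has datacl = NULL, meaning the built-in default applies:
-- PUBLIC holds CONNECT and TEMPORARY on it.
SELECT datname, datacl
FROM pg_database
WHERE datname IN ('template1', 'app_db');

-- Audit: every database PUBLIC can still reach, either through the
-- built-in default (NULL ACL) or through an explicit grant to PUBLIC.
-- In aclexplode() output, grantee = 0 denotes PUBLIC.
SELECT d.datname,
       d.datacl IS NULL AS uses_builtin_default
FROM pg_database AS d
WHERE d.datacl IS NULL
   OR EXISTS (
        SELECT 1
        FROM aclexplode(d.datacl) AS a
        WHERE a.grantee = 0
          AND a.privilege_type IN ('CONNECT', 'TEMPORARY')
      )
ORDER BY d.datname;

-- Lock down the new database itself, then grant access back to one role.
CREATE ROLE app_role NOLOGIN;
REVOKE ALL ON DATABASE app_db FROM PUBLIC;
GRANT CONNECT ON DATABASE app_db TO app_role;

-- app_db should no longer appear in the audit query above.
SELECT datname, datacl FROM pg_database WHERE datname = 'app_db';
```

Because nothing on the page provides a default for new databases, the REVOKE step has to be part of whatever provisioning script issues CREATE DATABASE, and the audit query can be run periodically to catch databases created outside that script.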

