Re: postgres db permissions - Mailing list pgsql-general

From Adrian Klaver
Subject Re: postgres db permissions
Date
Msg-id 556E1F75.9070207@aklaver.com
Whole thread Raw
In response to Re: postgres db permissions  (Tom Lane <tgl@sss.pgh.pa.us>)
List pgsql-general
On 06/02/2015 11:46 AM, Tom Lane wrote:
> Adrian Klaver <adrian.klaver@aklaver.com> writes:
>> On 06/02/2015 11:04 AM, Steve Pribyl wrote:
>>> I have noted that  "GRANT ALL ON SCHEMA public TO public" is granted
>>> on postgres.schemas.public.  I am looking at this in pgadmin so excuse
>>> my nomenclature.
>
>>> Is this what is allowing write access to the database?
>
>> Yes, though that should not be the default.
>
> Huh?  Of course it's the default.  I'm not really sure why the OP is
> surprised at this.  A database that won't let you create any tables
> is not terribly useful.

Aah, me being stupid.

>
> If you don't like this, you can get rid of the database's public schema
> and/or restrict who has CREATE permissions on it.  But I can't see us
> shipping a default configuration in which only superusers can create
> tables.  That would just encourage people to operate as superusers, which
> overall would be much less secure.

>
>             regards, tom lane
>


--
Adrian Klaver
adrian.klaver@aklaver.com


pgsql-general by date:

Previous
From: Andres Freund
Date:
Subject: Re: [HACKERS] Re: 9.4.1 -> 9.4.2 problem: could not access status of transaction 1
Next
From: Fabio Ugo Venchiarutti
Date:
Subject: Re: Minor revision downgrade (9.2.11 -> 9.2.10)