On Thu, 2023-03-09 at 10:34 +0100, Dominique Devienne wrote: > Hi. I've recently realized via a post (or article?) from Laurenz that the PUBLIC > role has CREATE privilege on the 'public' schema by default (see query below). > I guess it can't be avoided?
It can be avoided if you connect to "template1" and
REVOKE CREATE ON SCHEMA public FROM PUBLIC;
there *before* you create a new database.
Right. Didn't think of that. Thanks.
Or, as Christoph said, if you use v15 or better.
Because Managed Azure is still stuck at 14.2, that's currently not an option.
We need both on-prem and managed Azure.
> More broadly, we want to secure the DB so that all DB access and schema access are explicit. > Anything else to be aware of please, beside the two mentioned above?