Home > mailing lists

Re: How to set default privilege for new users to have no access to other databases? - Mailing list pgsql-general

From	David G. Johnston
Subject	Re: How to set default privilege for new users to have no access to other databases?
Date	August 10, 2023 19:06:58
Msg-id	CAKFQuwZ5E4ZZy2U52Rku38VqTdmOWz8cidk8U=z9PTPk+pYaHA@mail.gmail.com Whole thread Raw
In response to	How to set default privilege for new users to have no access to other databases? (Erik Nelson <erik@nsk.io>)
List	pgsql-general

Tree view

On Wednesday, August 9, 2023, Erik Nelson <erik@nsk.io> wrote:

I have a lab with a database that I would like to use as a "multi-tenant" database, in that I would like to create a database for each of the applications that I'm running and segregate access so that user foo and user bar cannot see anything about their neighbors. I'm somewhat surprised to discover that any new user, by default, has the ability to list databases

This cannot be prevented.

, connect to them

https://www.postgresql.org/docs/current/sql-alterdefaultprivileges.html

and list their tables.

Requires being connected to the database being inspected.

My understanding is that this ability is inherited from the public role (could use confirmation of this)?

Yes, public is what gets the default connection grant to newly created databases.

David J.

pgsql-general by date:

From: Adrian Klaver
Date: 10 August 2023, 17:41:01
Subject: Re: PgSQL 15.3: Execution plan not using index as expected

From: Marc Millas
Date: 11 August 2023, 00:36:33
Subject: pb with big volumes

Re: How to set default privilege for new users to have no access to other databases? - Mailing list pgsql-general

Previous

Next