> How is it that the default privilege granted to public doesn’t seem to care who the object creator > is yet when revoking the grant one supposedly can only do so within the scope of a single role?
I don't understand what you wrote. ALTER DEFAULT PRIVILEGES also only applies to objects created by a single role when you grant default privileges.
I think my point is that a paragraph like the following may be a useful addition:
If one wishes to remove the default privilege granted to public to execute all newly created procedures it is necessary to revoke that privilege for every superuser in the system
That seems... excessive. You can revoke other privs from public (can't you?), so why seemingly only do procedures/functions have this difficulty.
Neither domain, language, nor type seem problematic. Which just leave connect and temp on databases which indeed have a similar issue but also the number of roles with createdb is likely significantly fewer than those with create on schema.
