Re: postgres db permissions - Mailing list pgsql-general

From Melvin Davidson
Subject Re: postgres db permissions
Date
Msg-id CANu8FiwQe6iwde7ssniX2HsSLOa2XH4GnJT=aZKrkq+K9zXAvw@mail.gmail.com
In response to Re: postgres db permissions  ("Joshua D. Drake" <jd@commandprompt.com>)
List pgsql-general
As Tom advised, it's called a "public" schema for a reason. It means the general public (any user) has access to it and can create objects/tables in it.


On Tue, Jun 2, 2015 at 2:58 PM, Joshua D. Drake <jd@commandprompt.com> wrote:

> On 06/02/2015 11:46 AM, Tom Lane wrote:
>> Adrian Klaver <adrian.klaver@aklaver.com> writes:
>>> On 06/02/2015 11:04 AM, Steve Pribyl wrote:
>>>> I have noted that "GRANT ALL ON SCHEMA public TO public" is granted
>>>> on postgres.schemas.public.  I am looking at this in pgadmin so excuse
>>>> my nomenclature.
>>>>
>>>> Is this what is allowing write access to the database?
>>>
>>> Yes, though that should not be the default.
>>
>> Huh?  Of course it's the default.  I'm not really sure why the OP is
>> surprised at this.  A database that won't let you create any tables
>> is not terribly useful.
>
> The owner (or super user) should always have access, anybody with access should not. This argument has actually come up before and you held a similar view. This should not be possible:
>
> postgres@sqitch:/# psql -U postgres
> psql (9.2.11)
> Type "help" for help.
>
> postgres=# create user foo;
> CREATE ROLE
> postgres=# \q
>
> root@sqitch:/# psql -U foo postgres
> psql (9.2.11)
> Type "help" for help.
> postgres=> create table bar (id text);
> CREATE TABLE
> postgres=>
>
> We can adjust this capability with pg_hba.conf but that is external to this behavior.
>
> Sincerely,
>
> JD
>
> --
> Command Prompt, Inc. - http://www.commandprompt.com/  503-667-4564
> PostgreSQL Centered full stack support, consulting and development.
> Announcing "I'm offended" is basically telling the world you can't
> control your own emotions, so everyone else should do it for you.



--
Melvin Davidson
I reserve the right to fantasize.  Whether or not you
wish to share my fantasy is entirely up to you.
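
The default discussed in this thread can be audited and changed per database. The SQL below is an added example, not part of any poster's message: it assumes the role foo from the quoted transcript exists, and the role app_owner is hypothetical.

```sql
-- Added example (not from the thread). Run as a superuser or as the owner of
-- schema public, in each database you want to lock down.
-- Assumption: role "foo" exists, as created in the quoted psql transcript.

-- 1. Audit: does the PUBLIC pseudo-role (i.e. every role) hold CREATE or USAGE
--    on schema public?
SELECT has_schema_privilege('public', 'public', 'CREATE') AS public_can_create,
       has_schema_privilege('public', 'public', 'USAGE')  AS public_can_use;

-- 2. List the schema's explicit ACL entries. Grantee OID 0 means PUBLIC.
--    Written without LATERAL so it also works on the 9.2 server in the thread.
SELECT acl.nspname,
       COALESCE(r.rolname, 'PUBLIC') AS grantee_name,
       acl.privilege_type
FROM (SELECT n.nspname, (aclexplode(n.nspacl)).*
      FROM pg_namespace n
      WHERE n.nspname = 'public') AS acl
LEFT JOIN pg_roles r ON r.oid = acl.grantee
ORDER BY grantee_name, acl.privilege_type;

-- 3. Harden: remove CREATE from PUBLIC but leave USAGE, so existing objects
--    stay reachable. Then grant CREATE only to the role that should own
--    application objects ("app_owner" is a hypothetical name).
CREATE ROLE app_owner NOLOGIN;
REVOKE CREATE ON SCHEMA public FROM PUBLIC;
GRANT  CREATE ON SCHEMA public TO app_owner;

-- 4. Re-check the unprivileged role from the transcript. Superusers and the
--    schema owner bypass this check, so test with an ordinary role.
SELECT has_schema_privilege('foo', 'public', 'CREATE') AS foo_can_create;

-- 5. New databases are copied from template1 by default, so apply the same
--    REVOKE there if databases created later should start out restricted:
--      \c template1
--      REVOKE CREATE ON SCHEMA public FROM PUBLIC;
```

The REVOKE affects only the database it is run in, and objects already created in schema public by other roles remain owned by those roles.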
