Home > mailing lists

Re: postgres db permissions - Mailing list pgsql-general

From	Steve Pribyl
Subject	Re: postgres db permissions
Date	June 2, 2015 20:50:13
Msg-id	DM2PR0701MB13124476BFCA2E5AD46EF604E4B50@DM2PR0701MB1312.namprd07.prod.outlook.com Whole thread Raw
In response to	Re: postgres db permissions ("Joshua D. Drake" <jd@commandprompt.com>)
Responses	Re: postgres db permissions Re: postgres db permissions
List	pgsql-general

Tree view

Josh,

Via psql:
CREATE ROLE bob LOGIN
  NOSUPERUSER INHERIT NOCREATEDB NOCREATEROLE NOREPLICATION;
GRANT dbA TO bob;
GRANT dbA_ro TO bob;
GRANT dbB TO bob;
GRANT dbB_ro TO bob;

dbA, dbA_ro, dbB, and dbB_ro are roles.

I have not created any database yet or assigned permissions to the roles.

Steve Pribyl

________________________________________
From: pgsql-general-owner@postgresql.org <pgsql-general-owner@postgresql.org> on behalf of Joshua D. Drake
<jd@commandprompt.com>
Sent: Tuesday, June 2, 2015 12:44 PM
To: pgsql-general@postgresql.org
Subject: Re: [GENERAL] postgres db permissions

On 06/02/2015 10:36 AM, Steve Pribyl wrote:
>
> Good Afternoon,
>
> Built a fresh 9.3. postgres server and added some users and noticed that any user can create tables in any database
includingthe postgres database by default. 
>
> Have I missed some step in securing the default install?

How exactly did you add the users?

JD

--
Command Prompt, Inc. - http://www.commandprompt.com/  503-667-4564
PostgreSQL Centered full stack support, consulting and development.
Announcing "I'm offended" is basically telling the world you can't
control your own emotions, so everyone else should do it for you.

--
Sent via pgsql-general mailing list (pgsql-general@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-general
________________________________
 [http://www.akunacapital.com/images/akuna.png]
Steve Pribyl | Senior Systems Engineer
Akuna Capital LLC
36 S Wabash, Suite 310 Chicago IL 60603 USA | www.akunacapital.com <http://www.akunacapital.com>
p: +1 312 994 4646 | m: 847-343-2349 | f: +1 312 750 1667 | Steve.Pribyl@akunacapital.com

Please consider the environment, before printing this email.

This electronic message contains information from Akuna Capital LLC that may be confidential, legally privileged or
otherwiseprotected from disclosure. This information is intended for the use of the addressee only and is not offered
asinvestment advice to be relied upon for personal or professional use. Additionally, all electronic messages are
recordedand stored in compliance pursuant to applicable SEC rules. If you are not the intended recipient, you are
herebynotified that any disclosure, copying, distribution, printing or any other use of, or any action in reliance on,
thecontents of this electronic message is strictly prohibited. If you have received this communication in error, please
notifyus by telephone at (312)994-4640 and destroy the original message.

pgsql-general by date:

From: Andres Freund
Date: 02 June 2015, 20:46:16
Subject: Re: [HACKERS] Re: 9.4.1 -> 9.4.2 problem: could not access status of transaction 1

From: Daniel Begin
Date: 02 June 2015, 21:01:45
Subject: Re: Planner cost adjustments

Re: postgres db permissions - Mailing list pgsql-general

Previous

Next