On Tue, Jul 5, 2022 at 02:57:52PM -0700, Noah Misch wrote:
> Since having too-permissive ACLs is usually symptom-free, I share your
> forecast about the more-common question. Expect questions on mailing lists,
> stackoverflow, etc. The right way to answer those questions is roughly this:
>
> > On PostgreSQL 15, my application gets "permission denied for schema
> > public". What should I do?
>
> You have a choice to make. The best selection depends on the security
> needs of your database. See
> https://www.postgresql.org/docs/devel/ddl-schemas.html#DDL-SCHEMAS-PATTERNS
> for a guide to making that choice.
>
> Recommending GRANT to that two-sentence question would be negligent. One
> should know a database's lack of security needs before recommending GRANT.
> This is a key opportunity to have more users make the right decision while
> their attention is on the topic.
Yes, I think it is a question of practicality vs. desirability. We are
basically telling people they have to do research to get the old
behavior in their new databases and clusters.
> > My only stylistic suggestion would be to remove "a" from "a
> > <literal>REVOKE</literal>".
>
> I'll plan to push with that change.
WFM.
--
Bruce Momjian <bruce@momjian.us> https://momjian.us
EDB https://enterprisedb.com
Indecision is a decision. Inaction is an action. Mark Batterson
