Thread: BUG #3540: "REVOKE CREATE ON SCHEMA" public doesn't work

BUG #3540: "REVOKE CREATE ON SCHEMA" public doesn't work

From

"Richard Rowell"

Date:

15 August 2007, 17:02:48

The following bug has been logged online:

Bug reference:      3540
Logged by:          Richard Rowell
Email address:      richard.rowell@gmail.com
PostgreSQL version: 8.2
Operating system:   Linux
Description:        "REVOKE CREATE ON SCHEMA" public doesn't work
Details:

richard@meowth:~/download$ createdb perm_test
CREATE DATABASE
richard@meowth:~/download$ psql -U postgres perm_test

Welcome to psql 8.2.4, the PostgreSQL interactive terminal.



Type:  \copyright for distribution terms

       \h for help with SQL commands

       \? for help with psql commands

       \g or terminate with semicolon to execute query

       \q to quit



perm_test=> create schema foo;

CREATE SCHEMA

perm_test=# create role bar login;

CREATE ROLE

perm_test=> revoke create on schema foo from bar;

REVOKE

perm_test=# revoke create on schema public from bar;

REVOKE

perm_test=# \q

richard@meowth:~/download$ psql -U bar perm_test

Welcome to psql 8.2.4, the PostgreSQL interactive terminal.



Type:  \copyright for distribution terms

       \h for help with SQL commands

       \? for help with psql commands

       \g or terminate with semicolon to execute query

       \q to quit



perm_test=> create table foo.test (uid integer);

ERROR:  permission denied for schema foo

perm_test=> create table test (uid integer);
CREATE TABLE

Re: BUG #3540: "REVOKE CREATE ON SCHEMA" public doesn't work

From

Alvaro Herrera

Date:

15 August 2007, 17:19:25

Richard Rowell escribió:

> perm_test=> revoke create on schema foo from bar;
>
> REVOKE
>
> perm_test=# revoke create on schema public from bar;
>
> REVOKE

You have to revoke from PUBLIC too, otherwise the user still has access
via that one.

--
Alvaro Herrera                                http://www.CommandPrompt.com/
The PostgreSQL Company - Command Prompt, Inc.

Re: BUG #3540: "REVOKE CREATE ON SCHEMA" public doesn't work

From

"Kevin Grittner"

Date:

15 August 2007, 17:44:19

>>> On Wed, Aug 15, 2007 at 11:29 AM, in message
<200708151629.l7FGTdps040132@wwwmaster.postgresql.org>, "Richard Rowell"
<richard.rowell@gmail.com> wrote:=20
> perm_test=3D# revoke create on schema public from bar;
>=20
> REVOKE
>=20
> perm_test=3D> create table test (uid integer);
> CREATE TABLE
=20
I think the problem is that bar is automatically a member of public.
=20
revoke create on schema public from public;
=20
should help.
=20
-Kevin
=20