From: | Josh Berkus <josh(at)agliodbs(dot)com> |
---|---|
To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Ron Snyder <snyder(at)roguewave(dot)com> |
Cc: | Peter Eisentraut <peter_e(at)gmx(dot)net>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: Default privileges for new databases (was Re: Can't import large objects in most recent cvs) |
Date: | 2002-06-10 22:36:42 |
Message-ID: | 200206101536.42274.josh@agliodbs.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
Tom,
> Probably we should have temp table creation allowed to all by default.
> I'm not convinced that that's a good idea for schema-creation privilege
> though. Related issues: what should initdb set as the permissions for
> template1? Would it make sense for newly created databases to copy
> their permission settings from the template database? (Probably not,
> since the owner is likely to be different.) What about copying those
> per-database config settings Peter just invented?
Yes. I think there should be a not optional INITDB switch: either --secure
or --permissive. People usually know at the time of installation whether
they're building a web server (secure) or a home workstation (permissive).
Depending on the setting, this should set either a grant all or revoke all for
non-db owners as default, including such things as temp table creation.
--
-Josh Berkus
______AGLIO DATABASE SOLUTIONS___________________________
Josh Berkus
Complete information technology josh(at)agliodbs(dot)com
and data management solutions (415) 565-7293
for law firms, small businesses fax 621-2533
and non-profit organizations. San Francisco
From | Date | Subject | |
---|---|---|---|
Next Message | Josh Berkus | 2002-06-10 22:41:37 | Re: Efficient DELETE Strategies |
Previous Message | Stephen R. van den Berg | 2002-06-10 21:58:33 | Referential integrity problem postgresql 7.2 ? |