| From: | Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us> |
|---|---|
| To: | Barry Brown <barry(at)cs(dot)sierracollege(dot)edu> |
| Cc: | pgsql-bugs(at)postgresql(dot)org |
| Subject: | Re: BUG #1497: Default permissions allow any user to create objects |
| Date: | 2005-02-25 02:34:33 |
| Message-ID: | 200502250234.j1P2YX924473@candle.pha.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-bugs |
Barry Brown wrote:
> >> The docs say that initially only the owner of a database may use the
> >> objects
> >> created in it. But I have found that ANY user can work with any
> >> object by
> >> default, even in the template1 database.
> >
> > Uh, where did you see that in the docs?
>
> First paragraph of section 17.4 (Privileges):
>
> "When a database object is created, it is assigned an owner. .... By
> default, only an owner (or a superuser) can do anything with the
> object. In order to allow other users to use it, privileges must be
> granted."
>
> To me, that paragraphs says that only the owner of a database can do
> anything with it and all other privileges must be explicitly granted to
> others.
Yea, that is confusing. When they say "database object", the don't mean
database, but object created in the database, like a table or view.
I modified the text to not mention "database":
When an object is created, it is assigned an owner. The
--
Bruce Momjian | http://candle.pha.pa.us
pgman(at)candle(dot)pha(dot)pa(dot)us | (610) 359-1001
+ If your life is a hard drive, | 13 Roberts Road
+ Christ can be your backup. | Newtown Square, Pennsylvania 19073
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Alexis Wilke | 2005-02-25 07:10:20 | BUG #1507: CREATE RULE commands atomicity |
| Previous Message | Bruce Momjian | 2005-02-25 02:14:11 | Re: BUG #1494: psql \df to_char |