On Thu, Aug 11, 2005 at 12:28:44PM -0500, Peter Fein wrote:
> Is there any way to disable PUBLIC access by default? When I create a
> new object (table, function, etc.), it has no ACL, as expected.
> However, the first time I run:
>
> GRANT ALL ON FUNCTION foo() to GROUP developers;
>
> Postgress seems to do:
>
> GRANT ALL ON FUNCTION foo() to PUBLIC;
Actually, that last grant is implicit. When an ACL is found to be null,
it's considered to have a grant to public. So what you should actually
do is revoke those implicit permissions at object creation time.
--
Alvaro Herrera (<alvherre[a]alvh.no-ip.org>)
"Investigación es lo que hago cuando no sé lo que estoy haciendo"
(Wernher von Braun)