| From: | Alvaro Herrera <alvherre(at)alvh(dot)no-ip(dot)org> |
|---|---|
| To: | Peter Fein <pfein(at)pobox(dot)com> |
| Cc: | pgsql-general(at)postgresql(dot)org |
| Subject: | Re: No PUBLIC access by default? |
| Date: | 2005-08-11 19:33:16 |
| Message-ID: | 20050811193316.GC24670@alvh.no-ip.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On Thu, Aug 11, 2005 at 12:28:44PM -0500, Peter Fein wrote:
> Is there any way to disable PUBLIC access by default? When I create a
> new object (table, function, etc.), it has no ACL, as expected.
> However, the first time I run:
>
> GRANT ALL ON FUNCTION foo() to GROUP developers;
>
> Postgress seems to do:
>
> GRANT ALL ON FUNCTION foo() to PUBLIC;
Actually, that last grant is implicit. When an ACL is found to be null,
it's considered to have a grant to public. So what you should actually
do is revoke those implicit permissions at object creation time.
--
Alvaro Herrera (<alvherre[a]alvh.no-ip.org>)
"Investigación es lo que hago cuando no sé lo que estoy haciendo"
(Wernher von Braun)
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Shane | 2005-08-11 19:33:24 | Re: Index not being used unless enable_seqscan=false |
| Previous Message | Michael Fuhr | 2005-08-11 19:16:26 | Re: new Perl Server-Side Language in 8.0 |