Re: default privileges wording

From: David Fetter <david(at)fetter(dot)org>
To: Robert Haas <robertmhaas(at)gmail(dot)com>
Cc: Alvaro Herrera <alvherre(at)commandprompt(dot)com>, Andrew Dunstan <andrew(at)dunslane(dot)net>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: default privileges wording
Date: 2011-06-30 00:53:36
Message-ID: 20110630005336.GA6303@fetter.org
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

On Wed, Jun 29, 2011 at 08:42:58PM -0400, Robert Haas wrote:
> On Wed, Jun 29, 2011 at 4:49 PM, Alvaro Herrera
> <alvherre(at)commandprompt(dot)com> wrote:
> > Excerpts from Robert Haas's message of mié jun 29 13:42:34 -0400 2011:
> >
> >> > How about this?
> >> >
> >> > Some types of objects deny all privileges to PUBLIC by default.  These
> >> > are tables, columns, schemas and tablespaces.  For other types, the
> >> > default privileges granted to PUBLIC are as follows: CONNECT privilege
> >> > and TEMP table creation privilege for databases; EXECUTE privilege for
> >> > functions; and USAGE privilege for languages.  The object owner can,
> >> > of course, revoke both default and expressly granted privileges.
> >>
> >> Or, since I find the use of the word "deny" a bit unclear:
> >>
> >> When a table, column, schema, or tablespace is created, no privileges
> >> are granted to PUBLIC.  But for other objects, some privileges will be
> >> granted to PUBLIC automatically at the time the object is created:
> >> CONNECT privilege and TEMP table creation privilege for database, ...
> >> <etc., the rest as you have it>
> >
> > Hmm, I like David's suggestion better, but I agree with you that "deny"
> > isn't the right verb there.  I have no better suggestions at moment
> > though.
>
> Well, I think the only relevant verb is "grant", so that's why I was
> trying to phrase it in terms of the negative of that - i.e. explain
> that, in this case, we don't grant anything.

How about this?

PostgreSQL grants some types of objects some default privileges to
PUBLIC. Tables, columns, schemas and tablespaces grant no privileges
to PUBLIC by default. For other types, the default privileges granted
to PUBLIC are as follows: CONNECT and CREATE TEMP TABLE for databases;
EXECUTE privilege for functions; and USAGE privilege for languages.
The object owner can, of course, REVOKE both default and expressly
granted privileges.

Cheers,
David.
--
David Fetter <david(at)fetter(dot)org> http://fetter.org/
Phone: +1 415 235 3778 AIM: dfetter666 Yahoo!: dfetter
Skype: davidfetter XMPP: david(dot)fetter(at)gmail(dot)com
iCal: webcal://www.tripit.com/feed/ical/people/david74/tripit.ics

Remember to vote!
Consider donating to Postgres: http://www.postgresql.org/about/donate

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Robert Haas 2011-06-30 01:20:07 Re: default privileges wording
Previous Message Joe Conway 2011-06-30 00:43:31 Re: SECURITY LABEL on shared database object