| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Adrian Klaver <adrian(dot)klaver(at)aklaver(dot)com> |
| Cc: | Steve Pribyl <Steve(dot)Pribyl(at)akunacapital(dot)com>, Melvin Davidson <melvin6925(at)gmail(dot)com>, "Joshua D(dot) Drake" <jd(at)commandprompt(dot)com>, "pgsql-general(at)postgresql(dot)org" <pgsql-general(at)postgresql(dot)org> |
| Subject: | Re: postgres db permissions |
| Date: | 2015-06-02 18:46:51 |
| Message-ID: | 2042.1433270811@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
Adrian Klaver <adrian(dot)klaver(at)aklaver(dot)com> writes:
> On 06/02/2015 11:04 AM, Steve Pribyl wrote:
>> I have noted that "GRANT ALL ON SCHEMA public TO public" is granted
>> on postgres.schemas.public. I am looking at this in pgadmin so excuse
>> my nomenclature.
>> Is this what is allowing write access to the database?
> Yes, though that should not be the default.
Huh? Of course it's the default. I'm not really sure why the OP is
surprised at this. A database that won't let you create any tables
is not terribly useful.
If you don't like this, you can get rid of the database's public schema
and/or restrict who has CREATE permissions on it. But I can't see us
shipping a default configuration in which only superusers can create
tables. That would just encourage people to operate as superusers, which
overall would be much less secure.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Steve Pribyl | 2015-06-02 18:56:08 | Re: postgres db permissions |
| Previous Message | Steve Pribyl | 2015-06-02 18:45:36 | Re: postgres db permissions |