| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Graham Leggett <minfrin(at)sharp(dot)fm> |
| Cc: | pgsql-hackers(at)lists(dot)postgresql(dot)org |
| Subject: | Re: Grant read-only access to exactly one database amongst many |
| Date: | 2024-02-05 00:53:52 |
| Message-ID: | 4173071.1707094432@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Graham Leggett <minfrin(at)sharp(dot)fm> writes:
> Trouble is, I can create tables in db1 which is write access. I can also connect to db2 (bad), and I can enumerate the tables in db2 (bad), although the queries of the contents say access is denied.
You need to read the docs about default privileges: see about
halfway down
https://www.postgresql.org/docs/15/ddl-priv.html
where it says "PostgreSQL grants privileges on some types of objects
to PUBLIC by default ...". In this case I think you likely need to
revoke the default public CREATE privilege on schema public in db1,
and revoke the default public CONNECT privilege on database db2.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | David G. Johnston | 2024-02-05 00:54:40 | Re: Grant read-only access to exactly one database amongst many |
| Previous Message | Erik Wienhold | 2024-02-05 00:11:48 | Re: to_regtype() Raises Error |