| From: | Gavin Flower <GavinFlower(at)archidevsys(dot)co(dot)nz> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Ralf Jung <post(at)ralfj(dot)de> |
| Cc: | pgsql-bugs(at)postgresql(dot)org |
| Subject: | Re: "REVOKE ... ON DATABASE template1 ..." has no effect |
| Date: | 2018-05-14 20:12:02 |
| Message-ID: | 6176194e-fd90-392a-7ff8-17a650abdc1f@archidevsys.co.nz |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-bugs |
On 15/05/18 03:43, Tom Lane wrote:
> Ralf Jung <post(at)ralfj(dot)de> writes:
>> I would have expected a "REVOKE ALL ON DATABASE template1" to have the effect of
>> changing the default permissions for new databases.
> This is not a bug, and I don't think it's a reasonable expectation either.
> There's certainly plenty of reasons why you might wish to lock people out
> of template1, but that doesn't equate to supposing that people should be
> locked out of every new database. Nor do we copy most other
> database-level attributes when cloning a database (the exceptions are
> things that affect the database contents, such as encoding).
>
> There might be an argument for extending ALTER DEFAULT PRIVILEGES so that
> it can control the initial default privileges for new databases. That's
> certainly a feature request not a bug though.
>
> regards, tom lane
>
Would definitely agree with Tom on both points!
Cheers,
Gavin
| From | Date | Subject | |
|---|---|---|---|
| Next Message | 007reader | 2018-05-14 21:37:00 | Re: Abnormal JSON query performance |
| Previous Message | David G. Johnston | 2018-05-14 19:53:24 | Re: BUG #15197: query tool not working |