Re: connect permission based on database name

From: Rob Sargent <robjsargent(at)gmail(dot)com>
To: "David G(dot) Johnston" <david(dot)g(dot)johnston(at)gmail(dot)com>
Cc: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, "pgsql-generallists(dot)postgresql(dot)org" <pgsql-general(at)lists(dot)postgresql(dot)org>
Subject: Re: connect permission based on database name
Date: 2022-05-25 14:45:26
Message-ID: 780bcde5-f068-abfe-89d7-cf7631bb36ba@gmail.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-general

On 5/25/22 08:44, David G. Johnston wrote:
> On Wednesday, May 25, 2022, Rob Sargent <robjsargent(at)gmail(dot)com> wrote:
>
> On 5/25/22 08:20, Tom Lane wrote:
>> Rob Sargent<robjsargent(at)gmail(dot)com> <mailto:robjsargent(at)gmail(dot)com> writes:
>>> Just wondering if I've bumped into some security issue.
>>> I'm somewhat surprised that "grant connect to database <dbname>  to
>>> <role>" appears to be stored "by name"?
>> I think you are forgetting that databases have a default GRANT CONNECT
>> TO PUBLIC. You need to revoke that before other grants/revokes will
>> have any functional effect.
>>
>> regards, tom lane
> And then the search path is "just a string"?
>
>
>
> Search_path isn’t a security component and accepts, but ignores,
> unknown names.  So yes, it is just a string.
>
> David J.
>
Roger that, thanks.

In response to

Browse pgsql-general by date

  From Date Subject
Next Message Carsten Klein 2022-05-25 14:48:55 Re: Connect to specific cluster on command line
Previous Message David G. Johnston 2022-05-25 14:44:18 Re: connect permission based on database name