Fabien COELHO <coelho(at)cri(dot)ensmp(dot)fr> writes:
> I was thinking about something fuzzy enough as:
> UPDATE pg_catalog.pg_namespace
> SET nspowner=datdba, nspacl=NULL -- NULL means default rights...
> The later is simple and makes sense anyway for a newly created database.
No, I don't think it does. The DBA presently can set up a site-wide
policy about use of "public" by altering its permissions in template1.
For example, he might revoke create access from most users. People will
be surprised if that fails to carry over to created databases.
regards, tom lane