Re: postgres db permissions

As Tom advised, it's called a "public" schema for a reason. It means the
general public (any user) has access to it and can create objects/tables in
it.

On Tue, Jun 2, 2015 at 2:58 PM, Joshua D. Drake <jd(at)commandprompt(dot)com>
wrote:

>
> On 06/02/2015 11:46 AM, Tom Lane wrote:
>
>> Adrian Klaver <adrian(dot)klaver(at)aklaver(dot)com> writes:
>>
>>> On 06/02/2015 11:04 AM, Steve Pribyl wrote:
>>>
>>>> I have noted that "GRANT ALL ON SCHEMA public TO public" is granted
>>>> on postgres.schemas.public. I am looking at this in pgadmin so excuse
>>>> my nomenclature.
>>>>
>>>
>> Is this what is allowing write access to the database?
>>>>
>>>
>> Yes, though that should not be the default.
>>>
>>
>> Huh? Of course it's the default. I'm not really sure why the OP is
>> surprised at this. A database that won't let you create any tables
>> is not terribly useful.
>>
>
> The owner (or super user) should always have access, anybody with access
> should not. This argument has actually come up before and you held a
> similar view. This should not be possible:
>
> postgres(at)sqitch:/# psql -U postgres
> psql (9.2.11)
> Type "help" for help.
>
> postgres=# create user foo;
> CREATE ROLE
> postgres=# \q
>
> root(at)sqitch:/# psql -U foo postgres
> psql (9.2.11)
> Type "help" for help.
> postgres=> create table bar (id text);
> CREATE TABLE
> postgres=>
>
> We can adjust this capability with pg_hba.conf but that is external to
> this behavior.
>
> Sincerely,
>
> JD
>
>
>
> --
> Command Prompt, Inc. - http://www.commandprompt.com/ 503-667-4564
> PostgreSQL Centered full stack support, consulting and development.
> Announcing "I'm offended" is basically telling the world you can't
> control your own emotions, so everyone else should do it for you.
>

--
*Melvin Davidson*
I reserve the right to fantasize. Whether or not you
wish to share my fantasy is entirely up to you.