Re: postgres db permissions

From: Melvin Davidson <melvin6925(at)gmail(dot)com>
To: "Joshua D(dot) Drake" <jd(at)commandprompt(dot)com>
Cc: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Adrian Klaver <adrian(dot)klaver(at)aklaver(dot)com>, Steve Pribyl <Steve(dot)Pribyl(at)akunacapital(dot)com>, "pgsql-general(at)postgresql(dot)org" <pgsql-general(at)postgresql(dot)org>
Subject: Re: postgres db permissions
Date: 2015-06-02 19:05:21
Message-ID: CANu8FiwQe6iwde7ssniX2HsSLOa2XH4GnJT=aZKrkq+K9zXAvw@mail.gmail.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-general

As Tom advised, it's called a "public" schema for a reason. It means the
general public (any user) has access to it and can create objects/tables in
it.

On Tue, Jun 2, 2015 at 2:58 PM, Joshua D. Drake <jd(at)commandprompt(dot)com>
wrote:

>
> On 06/02/2015 11:46 AM, Tom Lane wrote:
>
>> Adrian Klaver <adrian(dot)klaver(at)aklaver(dot)com> writes:
>>
>>> On 06/02/2015 11:04 AM, Steve Pribyl wrote:
>>>
>>>> I have noted that "GRANT ALL ON SCHEMA public TO public" is granted
>>>> on postgres.schemas.public. I am looking at this in pgadmin so excuse
>>>> my nomenclature.
>>>>
>>>
>> Is this what is allowing write access to the database?
>>>>
>>>
>> Yes, though that should not be the default.
>>>
>>
>> Huh? Of course it's the default. I'm not really sure why the OP is
>> surprised at this. A database that won't let you create any tables
>> is not terribly useful.
>>
>
> The owner (or super user) should always have access, anybody with access
> should not. This argument has actually come up before and you held a
> similar view. This should not be possible:
>
> postgres(at)sqitch:/# psql -U postgres
> psql (9.2.11)
> Type "help" for help.
>
> postgres=# create user foo;
> CREATE ROLE
> postgres=# \q
>
> root(at)sqitch:/# psql -U foo postgres
> psql (9.2.11)
> Type "help" for help.
> postgres=> create table bar (id text);
> CREATE TABLE
> postgres=>
>
> We can adjust this capability with pg_hba.conf but that is external to
> this behavior.
>
> Sincerely,
>
> JD
>
>
>
> --
> Command Prompt, Inc. - http://www.commandprompt.com/ 503-667-4564
> PostgreSQL Centered full stack support, consulting and development.
> Announcing "I'm offended" is basically telling the world you can't
> control your own emotions, so everyone else should do it for you.
>

--
*Melvin Davidson*
I reserve the right to fantasize. Whether or not you
wish to share my fantasy is entirely up to you.

In response to

Browse pgsql-general by date

  From Date Subject
Next Message Filipe Pina 2015-06-02 19:33:03 Re: pl/python composite type array as input parameter
Previous Message Joshua D. Drake 2015-06-02 18:58:38 Re: postgres db permissions