Re: Best practice running a shared DB hosting server

On Mon, Aug 18, 2008 at 12:24 PM, Thomas Jacob <jacob(at)internet24(dot)de> wrote:
> On Mon, Aug 18, 2008 at 10:49:49AM -0600, Scott Marlowe wrote:
>> On Mon, Aug 18, 2008 at 10:38 AM, Thomas Jacob <jacob(at)internet24(dot)de> wrote:
>> > I've changed my approach by revoking rights to schema public
>> > from PUBLIC in the template1, and then granting all rights
>> > to again just to the "main" user, and usage rights to
>> > the additional users.
>> >
>> > So people aren't forced to use schemas.
>>
>> Not sure exactly what you mean. Everything in pgsql lives in a
>> schema, whether it's public or another schema. By judicious use of
>> the search_path settings you can make the use of such schemas nearly
>> transparent to the users, but they're still there.
>
> Sorry, that was very vague. Some people might just be used
> to there being an explicit public schema. This is not very
> likely, agreed, but if having access to the public schema is not
> a security risk, then there is no need to force users to create additional
> schemas if they don't want to.

Right, I'd just keep the public schema. the only issue with it is
that by default any user who can log into a database can create things
there. However, you can revoke those privileges from public then
explicitly grant them to the users of that database.