Re: default privileges wording

From: David Fetter <david(at)fetter(dot)org>
To: Alvaro Herrera <alvherre(at)commandprompt(dot)com>
Cc: Andrew Dunstan <andrew(at)dunslane(dot)net>,PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: default privileges wording
Date: 2011-06-29 17:20:50
Message-ID: 20110629172050.GA2111@fetter.org
Lists: pgsql-hackers
On Wed, Jun 29, 2011 at 11:50:38AM -0400, Alvaro Herrera wrote:
> Excerpts from Andrew Dunstan's message of mié jun 29 11:21:12 -0400 2011:
> > 
> > I was just reading the docs on default privileges, and they say this:
> > 
> >     Depending on the type of object, the initial default privileges
> >     might include granting some privileges to PUBLIC. The default is no
> >     public access for tables, columns, schemas, and tablespaces; CONNECT
> >     privilege and TEMP table creation privilege for databases; EXECUTE
> >     privilege for functions; and USAGE privilege for languages. The
> >     object owner can of course revoke these privileges.
> > 
> > 
> > I had to read it several times before I understood it properly, so I'm 
> > not terribly happy with it. I'm thinking of revising it slightly like this:
> > 
> >     Depending on the type of object, the initial default privileges
> >     might include granting some privileges to PUBLIC, including CONNECT
> >     privilege and TEMP table creation privilege for databases, EXECUTE
> >     privilege for functions, and USAGE privilege for languages. For
> >     tables, columns, schemas and tablespaces the default is no public
> >     access. The object owner can of course revoke any default PUBLIC
> >     privileges.
> 
> Some types of objects [have/include/grant] no privileges to PUBLIC by
> default.  These are tables, columns, schemas and tablespaces.  For other
> types, the default privileges granted to PUBLIC are as follows: CONNECT
> privilege and TEMP table creation privilege for databases; EXECUTE
> privilege for functions; and USAGE privilege for languages.  The object
> owner can, of course, revoke [these/any default] privileges.

How about this?

Some types of objects deny all privileges to PUBLIC by default.  These
are tables, columns, schemas and tablespaces.  For other types, the
default privileges granted to PUBLIC are as follows: CONNECT privilege
and TEMP table creation privilege for databases; EXECUTE privilege for
functions; and USAGE privilege for languages.  The object owner can,
of course, revoke both default and expressly granted privileges.

Cheers,
David.
-- 
David Fetter <david(at)fetter(dot)org> http://fetter.org/
Phone: +1 415 235 3778  AIM: dfetter666  Yahoo!: dfetter
Skype: davidfetter      XMPP: david(dot)fetter(at)gmail(dot)com
iCal: webcal://www.tripit.com/feed/ical/people/david74/tripit.ics

Remember to vote!
Consider donating to Postgres: http://www.postgresql.org/about/donate
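
The defaults discussed in this thread can be audited and tightened from SQL. The following is an added example, not part of the thread or of the PostgreSQL documentation; `app_db`, `app_schema`, `app_owner` and `app_user` are hypothetical names.

```sql
-- Added example. app_db, app_schema, app_owner and app_user are hypothetical.

-- 1. Audit: which of the built-in defaults does PUBLIC still hold?
--    Databases: CONNECT and TEMP are granted to PUBLIC by default.
SELECT d.datname,
       has_database_privilege('public', d.oid, 'CONNECT') AS public_connect,
       has_database_privilege('public', d.oid, 'TEMP')    AS public_temp
FROM pg_database d
WHERE NOT d.datistemplate;

--    Functions: EXECUTE is granted to PUBLIC by default.
SELECT n.nspname,
       p.proname,
       pg_get_function_identity_arguments(p.oid) AS args
FROM pg_proc p
JOIN pg_namespace n ON n.oid = p.pronamespace
WHERE n.nspname NOT IN ('pg_catalog', 'information_schema')
  AND has_function_privilege('public', p.oid, 'EXECUTE');

--    Languages: USAGE is granted to PUBLIC by default.
SELECT l.lanname
FROM pg_language l
WHERE has_language_privilege('public', l.oid, 'USAGE');

-- 2. Revoke the defaults on existing objects, then grant back only
--    what a specific role needs.
REVOKE CONNECT, TEMPORARY ON DATABASE app_db FROM PUBLIC;
GRANT  CONNECT ON DATABASE app_db TO app_user;

REVOKE EXECUTE ON ALL FUNCTIONS IN SCHEMA app_schema FROM PUBLIC;

-- 3. Cover functions that app_owner creates later. This must be the
--    global form (no IN SCHEMA clause): per-schema default privileges
--    are added to the global ones, so a per-schema REVOKE cannot take
--    away the built-in EXECUTE grant to PUBLIC.
ALTER DEFAULT PRIVILEGES FOR ROLE app_owner
    REVOKE EXECUTE ON FUNCTIONS FROM PUBLIC;

-- Tables, columns, schemas and tablespaces need no such step: PUBLIC has
-- no privileges on them unless someone grants them explicitly.
```

Re-running the three audit queries after steps 2 and 3 shows whether any default grant to PUBLIC remains.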
