Re: "default deny" for roles

From: Stephen Frost <sfrost(at)snowman(dot)net>
To: David Fetter <david(at)fetter(dot)org>
Cc: PG Hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: "default deny" for roles
Date: 2012-08-28 18:12:32
Message-ID: 20120828181232.GE1267@tamriel.snowman.net
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

David,

* David Fetter (david(at)fetter(dot)org) wrote:
> There are situations where a "default deny" policy is the best fit.

That's certainly true. It's also what we *have*. The only places where
we aren't "default deny" are places where things have been granted to
"public".

Feel free to revoke "public" from the objects in your environment.

Thanks,

Stephen

In response to

Browse pgsql-hackers by date

  From Date Subject
Next Message Heikki Linnakangas 2012-08-28 18:27:18 Re: SP-GiST micro-optimizations
Previous Message Tom Lane 2012-08-28 17:51:26 Re: "default deny" for roles