Quick Links

Re: TODO item: set proper permissions on non-system schemas

From:	Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To:	Andrew Dunstan <andrew(at)dunslane(dot)net>
Cc:	andrew(at)supernews(dot)com, pgsql-hackers(at)postgresql(dot)org
Subject:	Re: TODO item: set proper permissions on non-system schemas
Date:	2005-09-01 17:13:31
Message-ID:	3201.1125594811@sss.pgh.pa.us
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-hackers

Andrew Dunstan <andrew(at)dunslane(dot)net> writes:
> Tom Lane wrote:
>> Change the ownership of public in template1 to be a "dbadmin" group.
>> Grant membership in "dbadmin" to all the DB owners. End of problem.

> Won't that suddenly grant the owner of foo_db dbadmin rights in bar_db?
> That seems to violate the principle of least surprise.

I'm assuming here that the various dbowners aren't even allowed to
connect to each others' databases.

regards, tom lane

In response to

Re: TODO item: set proper permissions on non-system schemas at 2005-09-01 17:03:33 from Andrew Dunstan

Responses

Re: TODO item: set proper permissions on non-system schemas at 2005-09-01 17:51:52 from Andrew - Supernews

Browse pgsql-hackers by date

	From	Date	Subject
Next Message	Tom Lane	2005-09-01 17:17:08	Re: PG_PAGE_LAYOUT_VERSION - Should be Documented as 3?
Previous Message	Tom Lane	2005-09-01 17:08:14	Re: Remove xmin and cmin from frozen tuples