Skip site navigation (1) Skip section navigation (2)

Re: "default deny" for roles

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: David Fetter <david(at)fetter(dot)org>
Cc: PG Hackers <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: "default deny" for roles
Date: 2012-08-28 17:51:26
Message-ID: 4547.1346176286@sss.pgh.pa.us (view raw or flat)
Thread:
Lists: pgsql-hackers
David Fetter <david(at)fetter(dot)org> writes:
> There are situations where a "default deny" policy is the best fit.

> To that end, I have a modest proposal:

>     REVOKE PUBLIC FROM role;

Neither possible nor sensible.  PUBLIC means everybody, and is
implemented in a way that doesn't allow any other meaning.

We pretty much have "default deny" at the other end anyway, in that most
types of objects start out without any permissions granted to PUBLIC.
So I don't think you've made an adequate (or indeed any) case for
needing this, even if it were redesigned into something less screwy.

			regards, tom lane


In response to

pgsql-hackers by date

Next:From: Stephen FrostDate: 2012-08-28 18:12:32
Subject: Re: "default deny" for roles
Previous:From: Jim NasbyDate: 2012-08-28 17:40:28
Subject: Re: MySQL search query is not executing in Postgres DB

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group