On 2/03/2010 8:00 PM, Thom Brown wrote:
> CREATE ROLE testuser WITH LOGIN; -- At this point we haven't assigned
> this user to any group
>
> SET ROLE testuser;
> SELECT * FROM table_a;
>
> We get:
> ERROR: permission denied for relation table_a
... if table_a doesn't have grants to public, which it may well. I like
to revoke public access to my schema and to my database to make very,
very sure that only roles I've explicitly allowed can get in.
I prefer to explicitly revoke all rights from public on objects.
--
Craig Ringer