On Wed, Jun 29, 2011 at 4:49 PM, Alvaro Herrera
> Excerpts from Robert Haas's message of mié jun 29 13:42:34 -0400 2011:
>> > How about this?
>> > Some types of objects deny all privileges to PUBLIC by default. These
>> > are tables, columns, schemas and tablespaces. For other types, the
>> > default privileges granted to PUBLIC are as follows: CONNECT privilege
>> > and TEMP table creation privilege for databases; EXECUTE privilege for
>> > functions; and USAGE privilege for languages. The object owner can,
>> > of course, revoke both default and expressly granted privileges.
>> Or, since I find the use of the word "deny" a bit unclear:
>> When a table, column, schema, or tablespace is created, no privileges
>> are granted to PUBLIC. But for other objects, some privileges will be
>> granted to PUBLIC automatically at the time the object is created:
>> CONNECT privilege and TEMP table creation privilege for database, ...
>> <etc., the rest as you have it>
> Hmm, I like David's suggestion better, but I agree with you that "deny"
> isn't the right verb there. I have no better suggestions at moment
Well, I think the only relevant verb is "grant", so that's why I was
trying to phrase it in terms of the negative of that - i.e. explain
that, in this case, we don't grant anything.
The Enterprise PostgreSQL Company
In response to
pgsql-hackers by date
|Next:||From: Joe Conway||Date: 2011-06-30 00:43:31|
|Subject: Re: SECURITY LABEL on shared database object|
|Previous:||From: Tatsuo Ishii||Date: 2011-06-30 00:42:33|
|Subject: Re: Adding Japanese README|