Re: Question: CREATE EXTENSION and create schema permission?

From: Dimitri Fontaine <dimitri(at)2ndQuadrant(dot)fr>
To: Kohei KaiGai <kaigai(at)kaigai(dot)gr(dot)jp>
Cc: Dimitri Fontaine <dimitri(at)2ndquadrant(dot)fr>, PgHacker <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: Question: CREATE EXTENSION and create schema permission?
Date: 2011-08-21 16:22:53
Message-ID: m2boviwx7m.fsf@2ndQuadrant.fr
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

Kohei KaiGai <kaigai(at)kaigai(dot)gr(dot)jp> writes:
> The current implementation set the current user as owner of the new schema.
> The default permission check of schema allows owner to create several kinds
> of underlying objects.
>
> In the result, we may consider a scenario that a user without permissions to
> create new objects possibly get a schema created by CREATE EXTENSION
> that allows him to create new objects (such as table, function, ...).
>
> I don't think it is a desirable behavior. :-(

Agreed,
--
Dimitri Fontaine
http://2ndQuadrant.fr PostgreSQL : Expertise, Formation et Support

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Simon Riggs 2011-08-21 19:23:39 PushActiveSnapshot(GetTransactionSnapshot())
Previous Message Kohei KaiGai 2011-08-21 13:38:34 Re: Question: CREATE EXTENSION and create schema permission?