| From: | Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com> |
|---|---|
| To: | Robert Haas <robertmhaas(at)gmail(dot)com>, Noah Misch <noah(at)leadboat(dot)com> |
| Cc: | "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: public schema default ACL |
| Date: | 2018-03-07 14:22:16 |
| Message-ID: | 0e61bd66-07a2-255b-2b0f-7a8488ea1647@2ndquadrant.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On 3/6/18 15:20, Robert Haas wrote:
> On Sat, Mar 3, 2018 at 4:56 AM, Noah Misch <noah(at)leadboat(dot)com> wrote:
>> I propose, for v11, switching to "GRANT USAGE ON SCHEMA
>> public TO PUBLIC" (omit CREATE). Concerns? An alternative is to change the
>> default search_path to "$user"; that would be break more applications, and I
>> don't see an advantage to compensate for that.
>
> Isn't this going to cause widespread breakage? Unprivileged users
> will suddenly find that they can no longer create tables, because
> $user doesn't exist and they don't have permission on public. That
> seems quite unfriendly.
Moreover, the problem is that if you have database owners that are not
superusers, they can't easily fix the issue themselves. Since the
public schema is owned by postgres, they database owner can't just go in
and run GRANT CREATE ON SCHEMA PUBLIC TO whomever to restore the old
behavior or grant specific access. It would be simpler if we didn't
install a public schema by default at all.
--
Peter Eisentraut http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
| From | Date | Subject | |
|---|---|---|---|
| Next Message | David Steele | 2018-03-07 14:25:37 | Re: [HACKERS] Subscription code improvements |
| Previous Message | Robert Haas | 2018-03-07 14:21:24 | Re: [HACKERS] Parallel tuplesort (for parallel B-Tree index creation) |