| From: | Josh Berkus <josh(at)agliodbs(dot)com> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Ron Snyder <snyder(at)roguewave(dot)com> |
| Cc: | Peter Eisentraut <peter_e(at)gmx(dot)net>, pgsql-hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: Default privileges for new databases (was Re: Can't import large objects in most recent cvs) |
| Date: | 2002-06-10 22:36:42 |
| Message-ID: | 200206101536.42274.josh@agliodbs.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
Tom,
> Probably we should have temp table creation allowed to all by default.
> I'm not convinced that that's a good idea for schema-creation privilege
> though. Related issues: what should initdb set as the permissions for
> template1? Would it make sense for newly created databases to copy
> their permission settings from the template database? (Probably not,
> since the owner is likely to be different.) What about copying those
> per-database config settings Peter just invented?
Yes. I think there should be a not optional INITDB switch: either --secure
or --permissive. People usually know at the time of installation whether
they're building a web server (secure) or a home workstation (permissive).
Depending on the setting, this should set either a grant all or revoke all for
non-db owners as default, including such things as temp table creation.
--
-Josh Berkus
______AGLIO DATABASE SOLUTIONS___________________________
Josh Berkus
Complete information technology josh(at)agliodbs(dot)com
and data management solutions (415) 565-7293
for law firms, small businesses fax 621-2533
and non-profit organizations. San Francisco
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Josh Berkus | 2002-06-10 22:41:37 | Re: Efficient DELETE Strategies |
| Previous Message | Stephen R. van den Berg | 2002-06-10 21:58:33 | Referential integrity problem postgresql 7.2 ? |