Re: BUG #1497: Default permissions allow any user to create objects

From: Bruce Momjian <pgman(at)candle(dot)pha(dot)pa(dot)us>
To: Barry Brown <barry(at)cs(dot)sierracollege(dot)edu>
Cc: pgsql-bugs(at)postgresql(dot)org
Subject: Re: BUG #1497: Default permissions allow any user to create objects
Date: 2005-02-25 02:34:33
Message-ID: 200502250234.j1P2YX924473@candle.pha.pa.us
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-bugs

Barry Brown wrote:
> >> The docs say that initially only the owner of a database may use the
> >> objects
> >> created in it. But I have found that ANY user can work with any
> >> object by
> >> default, even in the template1 database.
> >
> > Uh, where did you see that in the docs?
>
> First paragraph of section 17.4 (Privileges):
>
> "When a database object is created, it is assigned an owner. .... By
> default, only an owner (or a superuser) can do anything with the
> object. In order to allow other users to use it, privileges must be
> granted."
>
> To me, that paragraphs says that only the owner of a database can do
> anything with it and all other privileges must be explicitly granted to
> others.

Yea, that is confusing. When they say "database object", the don't mean
database, but object created in the database, like a table or view.

I modified the text to not mention "database":

When an object is created, it is assigned an owner. The

--
Bruce Momjian | http://candle.pha.pa.us
pgman(at)candle(dot)pha(dot)pa(dot)us | (610) 359-1001
+ If your life is a hard drive, | 13 Roberts Road
+ Christ can be your backup. | Newtown Square, Pennsylvania 19073

In response to

Browse pgsql-bugs by date

  From Date Subject
Next Message Alexis Wilke 2005-02-25 07:10:20 BUG #1507: CREATE RULE commands atomicity
Previous Message Bruce Momjian 2005-02-25 02:14:11 Re: BUG #1494: psql \df to_char