Quick Links

"default deny" for roles

From:	David Fetter <david(at)fetter(dot)org>
To:	PG Hackers <pgsql-hackers(at)postgresql(dot)org>
Subject:	"default deny" for roles
Date:	2012-08-28 17:25:57
Message-ID:	20120828172557.GH17812@fetter.org
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-hackers

Folks,

There are situations where a "default deny" policy is the best fit.

To that end, I have a modest proposal:

REVOKE PUBLIC FROM role;

Thenceforth, the role in question would only have access to things it
was specifically granted.

What say?

Cheers,
David.
--
David Fetter <david(at)fetter(dot)org> http://fetter.org/
Phone: +1 415 235 3778 AIM: dfetter666 Yahoo!: dfetter
Skype: davidfetter XMPP: david(dot)fetter(at)gmail(dot)com
iCal: webcal://www.tripit.com/feed/ical/people/david74/tripit.ics

Remember to vote!
Consider donating to Postgres: http://www.postgresql.org/about/donate

	From	Date	Subject
Next Message	Tom Lane	2012-08-28 17:30:44	Re: SP-GiST micro-optimizations
Previous Message	Tom Lane	2012-08-28 17:06:42	Re: MySQL search query is not executing in Postgres DB