From: | Noah Misch <noah(at)leadboat(dot)com> |
---|---|
To: | Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com> |
Cc: | Robert Haas <robertmhaas(at)gmail(dot)com>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: public schema default ACL |
Date: | 2018-03-09 06:54:27 |
Message-ID: | 20180309065427.GA1955713@rfd.leadboat.com |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
On Wed, Mar 07, 2018 at 09:22:16AM -0500, Peter Eisentraut wrote:
> On 3/6/18 15:20, Robert Haas wrote:
> > On Sat, Mar 3, 2018 at 4:56 AM, Noah Misch <noah(at)leadboat(dot)com> wrote:
> >> I propose, for v11, switching to "GRANT USAGE ON SCHEMA
> >> public TO PUBLIC" (omit CREATE). Concerns? An alternative is to change the
> >> default search_path to "$user"; that would be break more applications, and I
> >> don't see an advantage to compensate for that.
> >
> > Isn't this going to cause widespread breakage? Unprivileged users
> > will suddenly find that they can no longer create tables, because
> > $user doesn't exist and they don't have permission on public. That
> > seems quite unfriendly.
>
> Moreover, the problem is that if you have database owners that are not
> superusers, they can't easily fix the issue themselves. Since the
> public schema is owned by postgres, they database owner can't just go in
> and run GRANT CREATE ON SCHEMA PUBLIC TO whomever to restore the old
> behavior or grant specific access. It would be simpler if we didn't
> install a public schema by default at all.
That's a good point. Worse, a user with CREATEDB privilege would be able to
create new databases and immediately create and use any schema _except_
public. That is rather silly.
From | Date | Subject | |
---|---|---|---|
Next Message | Noah Misch | 2018-03-09 07:04:24 | Re: public schema default ACL |
Previous Message | Michael Paquier | 2018-03-09 06:34:19 | Re: using worker_spi as pattern |