Re: public schema default ACL

From: Bruce Momjian <bruce(at)momjian(dot)us>
To: Noah Misch <noah(at)leadboat(dot)com>
Cc: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Robert Haas <robertmhaas(at)gmail(dot)com>, Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org>, Stephen Frost <sfrost(at)snowman(dot)net>, Magnus Hagander <magnus(at)hagander(dot)net>, "David G(dot) Johnston" <david(dot)g(dot)johnston(at)gmail(dot)com>, Alvaro Herrera <alvherre(at)alvh(dot)no-ip(dot)org>
Subject: Re: public schema default ACL
Date: 2020-11-13 03:16:13
Views: Raw Message | Whole Thread | Download mbox | Resend email
Lists: pgsql-hackers

On Thu, Nov 12, 2020 at 06:36:39PM -0800, Noah Misch wrote:
> On Mon, Nov 09, 2020 at 02:56:53PM -0500, Bruce Momjian wrote:
> > On Mon, Nov 2, 2020 at 11:05:15PM -0800, Noah Misch wrote:
> > > My plan is for the default to become:
> > >
> > > ALTER SCHEMA public OWNER TO DATABASE_OWNER; -- new syntax
> >
> > Seems it would be better to create a predefined role that owns the
> > public schema, or at least has create permission for the public schema
> > --- that way, when you are creating a role, you can decide if the role
> > should have creation permissions in the public schema, rather than
> > having people always using the database owner for this purpose.
> Defaulting to a specific predefined role empowers the role's members in all
> databases simultaneously. Folks who want it like that can create a role and
> issue "ALTER SCHEMA public OWNER TO that_role" in template1. What's the
> better default? I think that depends on whether you regard this schema as a
> per-database phenomenon or a per-cluster phenomenon.

Ah, I see your point. I was just thinking we don't want everyone
logging in as the db user, or given super-user permissions, so haveing a
non-login role would help, but we can just document how to do it.

Bruce Momjian <bruce(at)momjian(dot)us>

The usefulness of a cup is in its emptiness, Bruce Lee

In response to

Browse pgsql-hackers by date

  From Date Subject
Next Message Craig Ringer 2020-11-13 03:31:24 Re: Add docs stub for recovery.conf
Previous Message Michael Paquier 2020-11-13 03:14:29 Re: scram-sha-256 broken with FIPS and OpenSSL 1.0.2