| From: | Noah Misch <noah(at)leadboat(dot)com> |
|---|---|
| To: | Bruce Momjian <bruce(at)momjian(dot)us> |
| Cc: | PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: First draft of the PG 15 release notes |
| Date: | 2022-06-28 06:37:19 |
| Message-ID: | 20220628063719.GA2208244@rfd.leadboat.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Tue, May 10, 2022 at 11:44:15AM -0400, Bruce Momjian wrote:
> I have completed the first draft of the PG 15 release notes
> <!--
> Author: Noah Misch <noah(at)leadboat(dot)com>
> 2021-09-09 [b073c3ccd] Revoke PUBLIC CREATE from public schema, now owned by pg
> -->
>
> <listitem>
> <para>
> Remove <literal>PUBLIC</literal> creation permission on the <link
> linkend="ddl-schemas-public"><literal>public</literal> schema</link>
> (Noah Misch)
> </para>
>
> <para>
> This is a change in the default for newly-created databases in
> existing clusters and for new clusters; <literal>USAGE</literal>
If you dump/reload an unmodified v14 template1 (as pg_dumpall and pg_upgrade
do), your v15 template1 will have a v14 ACL on its public schema. At that
point, the fate of "newly-created databases in existing clusters" depends on
whether you clone template1 or template0. Does any of that detail belong
here, or does the existing text suffice?
> permissions on the <literal>public</literal> schema has not
> been changed. Databases restored from previous Postgres releases
> will be restored with their current permissions. Users wishing
> to have the old permissions on new objects will need to grant
The phrase "old permissions on new objects" doesn't sound right to me, but I'm
not sure why. I think you're aiming for the fact that this is just a default;
one can still change the ACL to anything, including to the old default. If
these notes are going to mention the old default like they do so far, I think
they should also urge readers to understand
https://www.postgresql.org/docs/devel/ddl-schemas.html#DDL-SCHEMAS-PATTERNS
before returning to the old default. What do you think?
> <literal>CREATE</literal> permission for <literal>PUBLIC</literal>
> on the <literal>public</literal> schema; this change can be made
> on <literal>template1</literal> to cause all new databases
> to have these permissions. <literal>template1</literal>
> permissions for <application>pg_dumpall</application> and
> <application>pg_upgrade</application>?
pg_dumpall will change template1. I think pg_upgrade will too, and neither
program will change template0.
> </para>
> </listitem>
>
> <!--
> Author: Noah Misch <noah(at)leadboat(dot)com>
> 2021-09-09 [b073c3ccd] Revoke PUBLIC CREATE from public schema, now owned by pg
> -->
>
> <listitem>
> <para>
> Change the owner of the <literal>public</literal> schema to
> <literal>pg_database_owner</literal> (Noah Misch)
> </para>
>
> <para>
> Previously it was the literal user name of the database owner.
It was the bootstrap superuser.
> Databases restored from previous Postgres releases will be restored
> with their current owner specification.
> </para>
> </listitem>
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Kyotaro Horiguchi | 2022-06-28 07:09:26 | Re: [BUG] Panic due to incorrect missingContrecPtr after promotion |
| Previous Message | Thomas Munro | 2022-06-28 06:27:21 | Re: margay fails assertion in stats/dsa/dsm code |