| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Ralf Jung <post(at)ralfj(dot)de> |
| Cc: | pgsql-bugs(at)postgresql(dot)org |
| Subject: | Re: "REVOKE ... ON DATABASE template1 ..." has no effect |
| Date: | 2018-05-14 15:43:05 |
| Message-ID: | 20865.1526312585@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-bugs |
Ralf Jung <post(at)ralfj(dot)de> writes:
> I would have expected a "REVOKE ALL ON DATABASE template1" to have the effect of
> changing the default permissions for new databases.
This is not a bug, and I don't think it's a reasonable expectation either.
There's certainly plenty of reasons why you might wish to lock people out
of template1, but that doesn't equate to supposing that people should be
locked out of every new database. Nor do we copy most other
database-level attributes when cloning a database (the exceptions are
things that affect the database contents, such as encoding).
There might be an argument for extending ALTER DEFAULT PRIVILEGES so that
it can control the initial default privileges for new databases. That's
certainly a feature request not a bug though.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2018-05-14 15:53:34 | Re: Abnormal JSON query performance |
| Previous Message | PG Bug reporting form | 2018-05-14 15:06:16 | BUG #15196: bogus data in lock file "postmaster.pid" |