Re: public schema default ACL

From: Peter Eisentraut <peter(dot)eisentraut(at)2ndquadrant(dot)com>
To: Stephen Frost <sfrost(at)snowman(dot)net>, Alvaro Herrera <alvherre(at)alvh(dot)no-ip(dot)org>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: Noah Misch <noah(at)leadboat(dot)com>, Robert Haas <robertmhaas(at)gmail(dot)com>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: public schema default ACL
Date: 2018-03-07 21:48:13
Message-ID: 2bf50ce4-129c-e085-cb41-996d8a7c08e1@2ndquadrant.com
Lists: pgsql-hackers

On 3/7/18 10:05, Stephen Frost wrote:
> I liken this to a well-known and well-trodden feature for auto creating
> user home directories on Unix.

I don't think likening schemas to home directories is really addressing
the most typical use cases. Database contents are for the most part
carefully constructed in a collaborative way. If your organization has
three DBAs foo, bar, and baz, it's quite unlikely that they will want to
create or look at objects in schemas named foo, bar, or baz. More
likely, they will be interested in the schemas myapp or myotherapp. Or
they don't care about schemas and will want the database to behave as if
there wasn't a schema layer between the database and the tables.

The existing structures are not bad. They work for a lot of users. The
problem is just that by default everyone can do whatever they want in a
shared space. The fix is probably to not let them do that. What is
being discussed here instead is to let them do whatever they want in
their own non-shared spaces. That addresses the security concern, but
it doesn't support the way people actually work right now.

--
Peter Eisentraut http://www.2ndQuadrant.com/
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
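
The message above locates the problem in the default that lets everyone create objects in the shared `public` schema. As an added illustration (not part of the original message, and not a patch from this thread), this is how a DBA can audit and remove that default in one database; `app_owner` is a hypothetical role standing in for whoever deploys the application's objects.

```sql
-- Added example. app_owner is a hypothetical deployment role.
-- Run per database; a database created later inherits whatever its
-- template database has at that point.

-- 1. Audit: may the PUBLIC pseudo-role create objects in schema public?
--    Arguments are (role, schema, privilege).
SELECT has_schema_privilege('public', 'public', 'CREATE') AS anyone_can_create;

-- 2. List the schema's ACL, one row per grantee and privilege.
--    A grantee OID of 0 denotes PUBLIC.
SELECT n.nspname,
       CASE WHEN a.grantee = 0 THEN 'PUBLIC'
            ELSE a.grantee::regrole::text
       END AS grantee,
       a.privilege_type
FROM pg_namespace AS n,
     aclexplode(n.nspacl) AS a
WHERE n.nspname = 'public'
ORDER BY grantee, a.privilege_type;

-- 3. Close the shared space for creation, keep it usable for lookups.
BEGIN;
REVOKE CREATE ON SCHEMA public FROM PUBLIC;
-- Only the deployment role may add objects from now on.
GRANT CREATE ON SCHEMA public TO app_owner;
-- USAGE for PUBLIC is left in place, so existing unqualified table
-- names keep resolving for everyone.
COMMIT;

-- 4. Verify: this should now return false.
SELECT has_schema_privilege('public', 'public', 'CREATE') AS anyone_can_create;
```

Objects that other roles already created in `public` are not affected by the revoke and have to be reviewed separately.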
