| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | David Fetter <david(at)fetter(dot)org> |
| Cc: | PG Hackers <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: "default deny" for roles |
| Date: | 2012-08-28 17:51:26 |
| Message-ID: | 4547.1346176286@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
David Fetter <david(at)fetter(dot)org> writes:
> There are situations where a "default deny" policy is the best fit.
> To that end, I have a modest proposal:
> REVOKE PUBLIC FROM role;
Neither possible nor sensible. PUBLIC means everybody, and is
implemented in a way that doesn't allow any other meaning.
We pretty much have "default deny" at the other end anyway, in that most
types of objects start out without any permissions granted to PUBLIC.
So I don't think you've made an adequate (or indeed any) case for
needing this, even if it were redesigned into something less screwy.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Stephen Frost | 2012-08-28 18:12:32 | Re: "default deny" for roles |
| Previous Message | Jim Nasby | 2012-08-28 17:40:28 | Re: MySQL search query is not executing in Postgres DB |