Skip site navigation (1) Skip section navigation (2)

Re: default privileges wording

From: Robert Haas <robertmhaas(at)gmail(dot)com>
To: Alvaro Herrera <alvherre(at)commandprompt(dot)com>
Cc: David Fetter <david(at)fetter(dot)org>, Andrew Dunstan <andrew(at)dunslane(dot)net>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: default privileges wording
Date: 2011-06-30 00:42:58
Message-ID: (view raw, whole thread or download thread mbox)
Lists: pgsql-hackers
On Wed, Jun 29, 2011 at 4:49 PM, Alvaro Herrera
<alvherre(at)commandprompt(dot)com> wrote:
> Excerpts from Robert Haas's message of mié jun 29 13:42:34 -0400 2011:
>> > How about this?
>> >
>> > Some types of objects deny all privileges to PUBLIC by default.  These
>> > are tables, columns, schemas and tablespaces.  For other types, the
>> > default privileges granted to PUBLIC are as follows: CONNECT privilege
>> > and TEMP table creation privilege for databases; EXECUTE privilege for
>> > functions; and USAGE privilege for languages.  The object owner can,
>> > of course, revoke both default and expressly granted privileges.
>> Or, since I find the use of the word "deny" a bit unclear:
>> When a table, column, schema, or tablespace is created, no privileges
>> are granted to PUBLIC.  But for other objects, some privileges will be
>> granted to PUBLIC automatically at the time the object is created:
>> CONNECT privilege and TEMP table creation privilege for database, ...
>> <etc., the rest as you have it>
> Hmm, I like David's suggestion better, but I agree with you that "deny"
> isn't the right verb there.  I have no better suggestions at moment
> though.

Well, I think the only relevant verb is "grant", so that's why I was
trying to phrase it in terms of the negative of that - i.e. explain
that, in this case, we don't grant anything.

Robert Haas
The Enterprise PostgreSQL Company

In response to


pgsql-hackers by date

Next:From: Joe ConwayDate: 2011-06-30 00:43:31
Subject: Re: SECURITY LABEL on shared database object
Previous:From: Tatsuo IshiiDate: 2011-06-30 00:42:33
Subject: Re: Adding Japanese README

Privacy Policy | About PostgreSQL
Copyright © 1996-2018 The PostgreSQL Global Development Group