| From: | "David G(dot) Johnston" <david(dot)g(dot)johnston(at)gmail(dot)com> |
|---|---|
| To: | Erik Nelson <erik(at)nsk(dot)io> |
| Cc: | "pgsql-general(at)lists(dot)postgresql(dot)org" <pgsql-general(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: How to set default privilege for new users to have no access to other databases? |
| Date: | 2023-08-10 16:06:58 |
| Message-ID: | CAKFQuwZ5E4ZZy2U52Rku38VqTdmOWz8cidk8U=z9PTPk+pYaHA@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On Wednesday, August 9, 2023, Erik Nelson <erik(at)nsk(dot)io> wrote:
> I have a lab with a database that I would like to use as a "multi-tenant"
> database, in that I would like to create a database for each of the
> applications that I'm running and segregate access so that user foo and
> user bar cannot see anything about their neighbors. I'm somewhat surprised
> to discover that any new user, *by default*, has the ability to list
> databases
>
This cannot be prevented.
> , connect to them
>
https://www.postgresql.org/docs/current/sql-alterdefaultprivileges.html
> and list their tables.
>
Requires being connected to the database being inspected.
> My understanding is that this ability is inherited from the public role
> (could use confirmation of this)?
>
Yes, public is what gets the default connection grant to newly created
databases.
David J.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Marc Millas | 2023-08-10 21:36:33 | pb with big volumes |
| Previous Message | Adrian Klaver | 2023-08-10 14:41:01 | Re: PgSQL 15.3: Execution plan not using index as expected |