| From: | Christoph Moench-Tegeder <cmt(at)burggraben(dot)net> |
|---|---|
| To: | Dominique Devienne <ddevienne(at)gmail(dot)com> |
| Cc: | pgsql-general(at)lists(dot)postgresql(dot)org |
| Subject: | Re: public schema grants to PUBLIC role |
| Date: | 2023-03-09 11:35:11 |
| Message-ID: | ZAnEb0jn09gISJaU@squirrel.exwg.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
## Dominique Devienne (ddevienne(at)gmail(dot)com):
> Hi. I've recently realized via a post (or article?) from Laurenz that the
> PUBLIC role has CREATE privilege on the 'public' schema by default (see
> query below). I guess it can't be avoided?
You could just use PostgreSQL 15:
https://www.postgresql.org/docs/15/release-15.html#id-1.11.6.7.4
> In particular, we need extensions, which are loaded in public by default.
> Will USAGE of public be enough for LOGIN users having access to the DB to
> use extensions?
Plus any grants on the extension's object.
> More broadly, we want to secure the DB so that all DB access and schema
> access are explicit.
> Anything else to be aware of please, beside the two mentioned above?
Have a look at default privileges and group roles, that will make your
life much easier.
https://www.postgresql.org/docs/15/ddl-priv.html
Regards,
Christoph
--
Spare Space.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tim Clarke | 2023-03-09 12:14:30 | RE: Blog post series on commitfests and patches |
| Previous Message | houzj.fnst@fujitsu.com | 2023-03-09 09:58:52 | RE: Support logical replication of DDLs |