On 5/25/22 08:20, Tom Lane wrote:
Rob Sargent <robjsargent@gmail.com> writes:
Just wondering if I've bumped into some security issue.
I'm somewhat surprised that "grant connect to database <dbname> to
<role>" appears to be stored "by name"?
I think you are forgetting that databases have a default GRANT CONNECT
TO PUBLIC. You need to revoke that before other grants/revokes will
have any functional effect.
regards, tom lane
And then the search path is "just a string"?
psql --user oldrole --dbname newdb --host $DBHOST
psql (12.11, server 12.7)
SSL connection (protocol: TLSv1.2, cipher: ECDHE-RSA-AES256-GCM-SHA384, bits: 256, compression: off)
Type "help" for help.
newdb=> show search_path;
search_path
--------------------
study, base, public
(1 row)