Re: default privileges wording
From | David Fetter |
---|---|
Subject | Re: default privileges wording |
Date | |
Msg-id | 20110629211631.GD2111@fetter.org |
In response to | Re: default privileges wording (Alvaro Herrera <alvherre@commandprompt.com>) |
Responses | Re: default privileges wording |
List | pgsql-hackers |
On Wed, Jun 29, 2011 at 04:49:15PM -0400, Alvaro Herrera wrote:
> Excerpts from Robert Haas's message of mié jun 29 13:42:34 -0400 2011:
>
> > > How about this?
> > >
> > > Some types of objects deny all privileges to PUBLIC by default.
> > > These are tables, columns, schemas and tablespaces. For other
> > > types, the default privileges granted to PUBLIC are as follows:
> > > CONNECT privilege and TEMP table creation privilege for
> > > databases; EXECUTE privilege for functions; and USAGE privilege
> > > for languages. The object owner can, of course, revoke both
> > > default and expressly granted privileges.
> >
> > Or, since I find the use of the word "deny" a bit unclear:
> >
> > When a table, column, schema, or tablespace is created, no
> > privileges are granted to PUBLIC. But for other objects, some
> > privileges will be granted to PUBLIC automatically at the time the
> > object is created: CONNECT privilege and TEMP table creation
> > privilege for database, ... <etc., the rest as you have it>
>
> Hmm, I like David's suggestion better, but I agree with you that
> "deny" isn't the right verb there. I have no better suggestions at
> moment though.

I chose "deny" in the sense of "default deny," which is a term of art
in security engineering referring to an access control policy.

http://en.wikipedia.org/wiki/Security_engineering#Security_stance

Cheers,
David.
--
David Fetter <david@fetter.org> http://fetter.org/
Phone: +1 415 235 3778 AIM: dfetter666 Yahoo!: dfetter
Skype: davidfetter XMPP: david.fetter@gmail.com
iCal: webcal://www.tripit.com/feed/ical/people/david74/tripit.ics

Remember to vote!
Consider donating to Postgres: http://www.postgresql.org/about/donate
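
The defaults discussed in this thread can be checked and tightened from psql. The script below is an added example, not part of the original message or of the PostgreSQL documentation; it assumes you are connected as the owner (or a superuser) to a database named appdb, and the role app_user and the function calc_total are constructed names.

```sql
-- Constructed objects for the demonstration (hypothetical names).
CREATE ROLE app_user NOLOGIN;
CREATE FUNCTION calc_total(integer) RETURNS integer
    LANGUAGE sql AS 'SELECT $1 * 2';

-- What PUBLIC holds right now. 'public' as the first argument of the
-- has_*_privilege functions means the PUBLIC pseudo-role.
CREATE TEMP VIEW public_defaults AS
SELECT has_database_privilege('public', current_database(), 'CONNECT')     AS db_connect,
       has_database_privilege('public', current_database(), 'TEMP')        AS db_temp,
       has_function_privilege('public', 'calc_total(integer)', 'EXECUTE')  AS fn_execute,
       has_language_privilege('public', 'sql', 'USAGE')                    AS lang_usage;

-- Before: the automatic grants named in the proposed wording.
SELECT * FROM public_defaults;

-- Replace the automatic grants with explicit ones (default deny).
REVOKE CONNECT, TEMPORARY ON DATABASE appdb FROM PUBLIC;
GRANT  CONNECT            ON DATABASE appdb TO app_user;

REVOKE EXECUTE ON FUNCTION calc_total(integer) FROM PUBLIC;
GRANT  EXECUTE ON FUNCTION calc_total(integer) TO app_user;

-- Functions the current role creates from now on no longer get
-- EXECUTE granted to PUBLIC at creation time.
ALTER DEFAULT PRIVILEGES REVOKE EXECUTE ON FUNCTIONS FROM PUBLIC;

-- After: compare with the first result.
SELECT * FROM public_defaults;

-- The role that was granted access explicitly still has it.
SELECT has_database_privilege('app_user', current_database(), 'CONNECT')    AS app_connect,
       has_function_privilege('app_user', 'calc_total(integer)', 'EXECUTE') AS app_execute;
```

Tables, columns, schemas and tablespaces need no such step, since nothing is granted to PUBLIC when they are created.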