Re: public schema default ACL
| От | Noah Misch |
|---|---|
| Тема | Re: public schema default ACL |
| Дата | |
| Msg-id | 20180309065427.GA1955713@rfd.leadboat.com обсуждение исходный текст |
| Ответ на | Re: public schema default ACL (Peter Eisentraut <peter.eisentraut@2ndquadrant.com>) |
| Список | pgsql-hackers |
On Wed, Mar 07, 2018 at 09:22:16AM -0500, Peter Eisentraut wrote: > On 3/6/18 15:20, Robert Haas wrote: > > On Sat, Mar 3, 2018 at 4:56 AM, Noah Misch <noah@leadboat.com> wrote: > >> I propose, for v11, switching to "GRANT USAGE ON SCHEMA > >> public TO PUBLIC" (omit CREATE). Concerns? An alternative is to change the > >> default search_path to "$user"; that would be break more applications, and I > >> don't see an advantage to compensate for that. > > > > Isn't this going to cause widespread breakage? Unprivileged users > > will suddenly find that they can no longer create tables, because > > $user doesn't exist and they don't have permission on public. That > > seems quite unfriendly. > > Moreover, the problem is that if you have database owners that are not > superusers, they can't easily fix the issue themselves. Since the > public schema is owned by postgres, they database owner can't just go in > and run GRANT CREATE ON SCHEMA PUBLIC TO whomever to restore the old > behavior or grant specific access. It would be simpler if we didn't > install a public schema by default at all. That's a good point. Worse, a user with CREATEDB privilege would be able to create new databases and immediately create and use any schema _except_ public. That is rather silly.
В списке pgsql-hackers по дате отправления: