Re: connect permission based on database name
| От | David G. Johnston |
|---|---|
| Тема | Re: connect permission based on database name |
| Дата | |
| Msg-id | CAKFQuwbtH3tGhz5PNUWL6HQzhmMG_+qLpbaE3WtuSxSorMh1Pg@mail.gmail.com обсуждение исходный текст |
| Ответ на | Re: connect permission based on database name (Rob Sargent <robjsargent@gmail.com>) |
| Ответы |
Re: connect permission based on database name
|
| Список | pgsql-general |
On Wednesday, May 25, 2022, Rob Sargent <robjsargent@gmail.com> wrote:
On 5/25/22 08:20, Tom Lane wrote:And then the search path is "just a string"?Rob Sargent <robjsargent@gmail.com> writes:Just wondering if I've bumped into some security issue. I'm somewhat surprised that "grant connect to database <dbname> to <role>" appears to be stored "by name"?I think you are forgetting that databases have a default GRANT CONNECT TO PUBLIC. You need to revoke that before other grants/revokes will have any functional effect. regards, tom lane
Search_path isn’t a security component and accepts, but ignores, unknown names. So yes, it is just a string.
David J.
В списке pgsql-general по дате отправления: