Re: Best practice running a shared DB hosting server
| От | Scott Marlowe |
|---|---|
| Тема | Re: Best practice running a shared DB hosting server |
| Дата | |
| Msg-id | dcc563d10808181208y17618553h942b1bab7924cd25@mail.gmail.com обсуждение исходный текст |
| Ответ на | Re: Best practice running a shared DB hosting server (Thomas Jacob <jacob@internet24.de>) |
| Список | pgsql-admin |
On Mon, Aug 18, 2008 at 12:24 PM, Thomas Jacob <jacob@internet24.de> wrote: > On Mon, Aug 18, 2008 at 10:49:49AM -0600, Scott Marlowe wrote: >> On Mon, Aug 18, 2008 at 10:38 AM, Thomas Jacob <jacob@internet24.de> wrote: >> > I've changed my approach by revoking rights to schema public >> > from PUBLIC in the template1, and then granting all rights >> > to again just to the "main" user, and usage rights to >> > the additional users. >> > >> > So people aren't forced to use schemas. >> >> Not sure exactly what you mean. Everything in pgsql lives in a >> schema, whether it's public or another schema. By judicious use of >> the search_path settings you can make the use of such schemas nearly >> transparent to the users, but they're still there. > > Sorry, that was very vague. Some people might just be used > to there being an explicit public schema. This is not very > likely, agreed, but if having access to the public schema is not > a security risk, then there is no need to force users to create additional > schemas if they don't want to. Right, I'd just keep the public schema. the only issue with it is that by default any user who can log into a database can create things there. However, you can revoke those privileges from public then explicitly grant them to the users of that database.
В списке pgsql-admin по дате отправления: