randygrolemund@gmail.com writes:
> Another team member created a new db, and did not assign any users
> permission to that db. It appears at least one of the users (no super user
> permissions) can read and write to that db. It doesn't make any sense how
> this is working.
Well, as noted in the GRANT reference page, the default for a new database
is to grant CONNECT privilege to PUBLIC; if you don't like that you need
to revoke it, or (usually less desirable) use pg_hba.conf rules to
restrict access. Depending on how much you want to lock down access,
you might also want to revoke TEMP privilege and/or remove or restrict
the "public" schema within that database.
If none of those are the problem then you need to provide considerably
more detail. But so far I see nothing here that sounds like it's not
operating as designed.
https://www.postgresql.org/docs/current/static/bug-reporting.html
regards, tom lane
--
Sent via pgsql-bugs mailing list (pgsql-bugs@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-bugs