Tom Lane wrote:
> Larry Rosenman <ler@lerctr.org> writes:
> > I guess the issue is that I'd expect public to be owned by the DB Owner after
> > a CREATE DATABASE foo OWNER bar,
>
> Why? Do you expect the system catalogs to be owned by the DB owner?
> What about other random objects that might have been created in the
> template database? If the DBA has installed nondefault permission
> settings on the public schema or other objects, how do you expect those
> to be transformed?
>
> I do not actually agree with that TODO item, as I think it requires
> AI-completeness to guess what sorts of changes to apply, and getting
> ownership/permissions wrong would create a significant risk of security
> issues.
Caution added to TODO item:
* Set proper permissions on non-system schemas during db creation Currently all schemas are owned by the super-user
becausethey are copied from the template1 database. However, since all objects are inherited from the template
database,it is not clear that setting schemas to the db owner is correct.
-- Bruce Momjian <bruce@momjian.us> http://momjian.us EnterpriseDB
http://www.enterprisedb.com
+ If your life is a hard drive, Christ can be your backup. +