On Tue, Jul 05, 2022 at 07:47:52PM -0400, Bruce Momjian wrote:
> On Tue, Jul 5, 2022 at 02:57:52PM -0700, Noah Misch wrote:
> > Since having too-permissive ACLs is usually symptom-free, I share your
> > forecast about the more-common question. Expect questions on mailing lists,
> > stackoverflow, etc. The right way to answer those questions is roughly this:
> >
> > > On PostgreSQL 15, my application gets "permission denied for schema
> > > public". What should I do?
> >
> > You have a choice to make. The best selection depends on the security
> > needs of your database. See
> > https://www.postgresql.org/docs/devel/ddl-schemas.html#DDL-SCHEMAS-PATTERNS
> > for a guide to making that choice.
> >
> > Recommending GRANT to that two-sentence question would be negligent. One
> > should know a database's lack of security needs before recommending GRANT.
> > This is a key opportunity to have more users make the right decision while
> > their attention is on the topic.
>
> Yes, I think it is a question of practicality vs. desirability. We are
> basically telling people they have to do research to get the old
> behavior in their new databases and clusters.
True. I want to maximize the experience for different classes of database:
1. Databases needing user isolation and unknowingly not getting it.
2. Databases not needing user isolation, e.g. automated test environments.
Expecting all of these DBAs to read a 500-word doc section is failure-prone.
For the benefit of (2), I'm now thinking about adding a release note sentence,
"For a new database having zero need to defend against insider threats,
granting back the privilege yields the PostgreSQL 14 behavior."