Re: postgres db permissions

Adrian Klaver <adrian.klaver@aklaver.com> writes:
> On 06/02/2015 11:04 AM, Steve Pribyl wrote:
>> I have noted that  "GRANT ALL ON SCHEMA public TO public" is granted
>> on postgres.schemas.public.  I am looking at this in pgadmin so excuse
>> my nomenclature.

>> Is this what is allowing write access to the database?

> Yes, though that should not be the default.

Huh?  Of course it's the default.  I'm not really sure why the OP is
surprised at this.  A database that won't let you create any tables
is not terribly useful.

If you don't like this, you can get rid of the database's public schema
and/or restrict who has CREATE permissions on it.  But I can't see us
shipping a default configuration in which only superusers can create
tables.  That would just encourage people to operate as superusers, which
overall would be much less secure.

            regards, tom lane