Re: Making a schema "read-only" (was Unexpected message in grant/revoke script)

From Tom Lane
Subject Re: Making a schema "read-only" (was Unexpected message in grant/revoke script)
Msg-id 24460.1205524509@sss.pgh.pa.us
In reply to Making a schema "read-only" (was Unexpected message in grant/revoke script)  ("Webb Sprague" <webb.sprague@gmail.com>)
Responses Re: Making a schema "read-only" (was Unexpected message in grant/revoke script)
List pgsql-general
"Webb Sprague" <webb.sprague@gmail.com> writes:
> Also, I revoked what I thought was everything possible on the public
> schema, but a user is still able to create a table in that schema --
> could someone explain:

> oregon=# revoke create on schema public from foobar cascade;
> REVOKE

You've got a conceptual error here: the above only does something if
you'd previously done an explicit "GRANT TO foobar".  You haven't,
so there's nothing to revoke.

The reason people can create stuff in public is that by default,
create on schema public is granted to PUBLIC, ie the world.

Start with
    revoke all on schema public from public
and then grant only what you want.

            regards, tom lane
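
The sequence described in the message above, as an added walkthrough that is not part of the original post: it shows the PUBLIC entry in the schema ACL, confirms that revoking from the role alone changes nothing, then revokes from PUBLIC and grants back a read-only set. The role `foobar` and schema `public` come from the thread; the choice of USAGE plus SELECT as "only what you want" is an assumption, and `GRANT ... ON ALL TABLES IN SCHEMA` needs PostgreSQL 9.0 or later.

```sql
-- Added example. Run as a superuser or as the owner of schema public.
BEGIN;

-- 1. Inspect the schema ACL. An entry with an empty grantee, such as
--    "=UC/postgres", is the grant to PUBLIC (U = USAGE, C = CREATE).
SELECT nspname, nspacl FROM pg_namespace WHERE nspname = 'public';

-- 2. Effective privileges for foobar, including those it gets via PUBLIC.
SELECT has_schema_privilege('foobar', 'public', 'CREATE') AS can_create,
       has_schema_privilege('foobar', 'public', 'USAGE')  AS can_use;

-- 3. The statement from the thread: it succeeds, but no ACL entry names
--    foobar, so the effective privilege is unchanged.
REVOKE CREATE ON SCHEMA public FROM foobar CASCADE;
SELECT has_schema_privilege('foobar', 'public', 'CREATE') AS still_can_create;

-- 4. Remove the grant to PUBLIC, then grant back only what is needed.
REVOKE ALL ON SCHEMA public FROM PUBLIC;
GRANT USAGE ON SCHEMA public TO foobar;                 -- resolve names, no CREATE
GRANT SELECT ON ALL TABLES IN SCHEMA public TO foobar;  -- read existing tables

-- 5. Verify: expect can_create = false, can_use = true.
SELECT has_schema_privilege('foobar', 'public', 'CREATE') AS can_create,
       has_schema_privilege('foobar', 'public', 'USAGE')  AS can_use;

-- 6. Tables foobar already owns stay writable by foobar (owner rights are
--    not affected by schema ACLs); list them so they can be reassigned.
SELECT tablename FROM pg_tables
 WHERE schemaname = 'public' AND tableowner = 'foobar';

COMMIT;
```

On PostgreSQL 15 and later, newly created databases no longer grant CREATE on schema public to PUBLIC by default; the query in step 1 shows which case applies to a given database.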
