Re: "default deny" for roles

Поиск
Список
Период
Сортировка
От Tom Lane
Тема Re: "default deny" for roles
Дата
Msg-id 4547.1346176286@sss.pgh.pa.us
обсуждение исходный текст
Ответ на "default deny" for roles  (David Fetter <david@fetter.org>)
Список pgsql-hackers
Дерево обсуждения 
David Fetter <david@fetter.org> writes:
> There are situations where a "default deny" policy is the best fit.

> To that end, I have a modest proposal:

>     REVOKE PUBLIC FROM role;

Neither possible nor sensible.  PUBLIC means everybody, and is
implemented in a way that doesn't allow any other meaning.

We pretty much have "default deny" at the other end anyway, in that most
types of objects start out without any permissions granted to PUBLIC.
So I don't think you've made an adequate (or indeed any) case for
needing this, even if it were redesigned into something less screwy.
        regards, tom lane

В списке pgsql-hackers по дате отправления:

Предыдущее
От: Jim Nasby
Дата:
Сообщение: Re: MySQL search query is not executing in Postgres DB
Следующее
От: Stephen Frost
Дата:
Сообщение: Re: "default deny" for roles