I was just reading the docs on default privileges, and they say this:
Depending on the type of object, the initial default privileges might include granting some privileges to PUBLIC.
Thedefault is no public access for tables, columns, schemas, and tablespaces; CONNECT privilege and TEMP table
creationprivilege for databases; EXECUTE privilege for functions; and USAGE privilege for languages. The object
ownercan of course revoke these privileges.
I had to read it several times before I understood it properly, so I'm
not terribly happy with it. I'm thinking of revising it slightly like this:
Depending on the type of object, the initial default privileges might include granting some privileges to PUBLIC,
includingCONNECT privilege and TEMP table creation privilege for databases, EXECUTE privilege for functions, and
USAGEprivilege for languages. For tables, columns, schemas and tablespaces the default is no public access. The
objectowner can of course revoke any default PUBLIC privileges.
That seems clearer to me, but maybe other people can make it clearer still.
Comments?
cheers
andrew