Re: postgres db permissions

On 06/02/2015 11:46 AM, Tom Lane wrote:
> Adrian Klaver <adrian.klaver@aklaver.com> writes:
>> On 06/02/2015 11:04 AM, Steve Pribyl wrote:
>>> I have noted that  "GRANT ALL ON SCHEMA public TO public" is granted
>>> on postgres.schemas.public.  I am looking at this in pgadmin so excuse
>>> my nomenclature.
>
>>> Is this what is allowing write access to the database?
>
>> Yes, though that should not be the default.
>
> Huh?  Of course it's the default.  I'm not really sure why the OP is
> surprised at this.  A database that won't let you create any tables
> is not terribly useful.

The owner (or super user) should always have access, anybody with access
should not. This argument has actually come up before and you held a
similar view. This should not be possible:

postgres@sqitch:/# psql -U postgres
psql (9.2.11)
Type "help" for help.

postgres=# create user foo;
CREATE ROLE
postgres=# \q

root@sqitch:/# psql -U foo postgres
psql (9.2.11)
Type "help" for help.
postgres=> create table bar (id text);
CREATE TABLE
postgres=>

We can adjust this capability with pg_hba.conf but that is external to
this behavior.

Sincerely,

JD



--
Command Prompt, Inc. - http://www.commandprompt.com/  503-667-4564
PostgreSQL Centered full stack support, consulting and development.
Announcing "I'm offended" is basically telling the world you can't
control your own emotions, so everyone else should do it for you.