On 06/02/2015 11:46 AM, Tom Lane wrote:
> Adrian Klaver <adrian.klaver@aklaver.com> writes:
>> On 06/02/2015 11:04 AM, Steve Pribyl wrote:
>>> I have noted that "GRANT ALL ON SCHEMA public TO public" is granted
>>> on postgres.schemas.public. I am looking at this in pgadmin so excuse
>>> my nomenclature.
>
>>> Is this what is allowing write access to the database?
>
>> Yes, though that should not be the default.
>
> Huh? Of course it's the default. I'm not really sure why the OP is
> surprised at this. A database that won't let you create any tables
> is not terribly useful.
Aah, me being stupid.
>
> If you don't like this, you can get rid of the database's public schema
> and/or restrict who has CREATE permissions on it. But I can't see us
> shipping a default configuration in which only superusers can create
> tables. That would just encourage people to operate as superusers, which
> overall would be much less secure.
>
> regards, tom lane
>
--
Adrian Klaver
adrian.klaver@aklaver.com