Re: postgres db permissions

On 06/02/2015 11:46 AM, Tom Lane wrote:
> Adrian Klaver <adrian.klaver@aklaver.com> writes:
>> On 06/02/2015 11:04 AM, Steve Pribyl wrote:
>>> I have noted that  "GRANT ALL ON SCHEMA public TO public" is granted
>>> on postgres.schemas.public.  I am looking at this in pgadmin so excuse
>>> my nomenclature.
>
>>> Is this what is allowing write access to the database?
>
>> Yes, though that should not be the default.
>
> Huh?  Of course it's the default.  I'm not really sure why the OP is
> surprised at this.  A database that won't let you create any tables
> is not terribly useful.

Aah, me being stupid.

>
> If you don't like this, you can get rid of the database's public schema
> and/or restrict who has CREATE permissions on it.  But I can't see us
> shipping a default configuration in which only superusers can create
> tables.  That would just encourage people to operate as superusers, which
> overall would be much less secure.

>
>             regards, tom lane
>


--
Adrian Klaver
adrian.klaver@aklaver.com