Re: Ver 15.X and restriction for schema=public

On 12/23/24 11:26 AM, Bharani SV-forum wrote:
> Team
> I am in the process of upgrading EC2-PGS ver 13.X to 15.X
> I am aware  since ver 14.X, we have restriction in the usage of 
> schema=public and the DBA need to grant exclusive priv for the tagged db 
> user's.

Are you referring to this?:

https://www.postgresql.org/docs/15/release-15.html

"Remove PUBLIC creation permission on the public schema (Noah Misch) §

The new default is one of the secure schema usage patterns that Section 
5.9.6 has recommended since the security release for CVE-2018-1058. The 
change applies to new database clusters and to newly-created databases 
in existing clusters. Upgrading a cluster or restoring a database dump 
will preserve public's existing permissions.

For existing databases, especially those having multiple users, consider 
revoking CREATE permission on the public schema to adopt this new 
default. For new databases having no need to defend against insider 
threats, granting CREATE permission will yield the behavior of prior 
releases.
"


> 
> Assume i want to enforce it,
> Can i retag all the object tables/indexex/packages/procedures/functions 
> etc tagged under schema =public to a newly created schema e.g = 
> *schemaname = allowallusr *and grant respective priv's.
> 
> Whether it will resolve the issue, as application time need time to 
> validated all the use case for testing the objects which is present 
> under schema=public and ported to new schema= allowallusr .
> 
> Any suggestions or best practise

-- 
Adrian Klaver
adrian.klaver@aklaver.com