On Wed, Jun 29, 2011 at 4:49 PM, Alvaro Herrera
<alvherre@commandprompt.com> wrote:
> Excerpts from Robert Haas's message of mié jun 29 13:42:34 -0400 2011:
>
>> > How about this?
>> >
>> > Some types of objects deny all privileges to PUBLIC by default. These
>> > are tables, columns, schemas and tablespaces. For other types, the
>> > default privileges granted to PUBLIC are as follows: CONNECT privilege
>> > and TEMP table creation privilege for databases; EXECUTE privilege for
>> > functions; and USAGE privilege for languages. The object owner can,
>> > of course, revoke both default and expressly granted privileges.
>>
>> Or, since I find the use of the word "deny" a bit unclear:
>>
>> When a table, column, schema, or tablespace is created, no privileges
>> are granted to PUBLIC. But for other objects, some privileges will be
>> granted to PUBLIC automatically at the time the object is created:
>> CONNECT privilege and TEMP table creation privilege for database, ...
>> <etc., the rest as you have it>
>
> Hmm, I like David's suggestion better, but I agree with you that "deny"
> isn't the right verb there. I have no better suggestions at moment
> though.
Well, I think the only relevant verb is "grant", so that's why I was
trying to phrase it in terms of the negative of that - i.e. explain
that, in this case, we don't grant anything.
--
Robert Haas
EnterpriseDB: http://www.enterprisedb.com
The Enterprise PostgreSQL Company