On Mon, Aug 18, 2008 at 12:24 PM, Thomas Jacob <jacob@xxxxxxxxxxxxx> wrote: > On Mon, Aug 18, 2008 at 10:49:49AM -0600, Scott Marlowe wrote: >> On Mon, Aug 18, 2008 at 10:38 AM, Thomas Jacob <jacob@xxxxxxxxxxxxx> wrote: >> > I've changed my approach by revoking rights to schema public >> > from PUBLIC in the template1, and then granting all rights >> > to again just to the "main" user, and usage rights to >> > the additional users. >> > >> > So people aren't forced to use schemas. >> >> Not sure exactly what you mean. Everything in pgsql lives in a >> schema, whether it's public or another schema. By judicious use of >> the search_path settings you can make the use of such schemas nearly >> transparent to the users, but they're still there. > > Sorry, that was very vague. Some people might just be used > to there being an explicit public schema. This is not very > likely, agreed, but if having access to the public schema is not > a security risk, then there is no need to force users to create additional > schemas if they don't want to. Right, I'd just keep the public schema. the only issue with it is that by default any user who can log into a database can create things there. However, you can revoke those privileges from public then explicitly grant them to the users of that database.
