Greetings,

* Scott Ribe (scott_ribe@xxxxxxxxxxxxxxxx) wrote:
> > On Dec 11, 2020, at 1:36 PM, Stephen Frost <sfrost@xxxxxxxxxxx> wrote:
> > I'm pretty sure none of this has anything to do with DEFAULT PRIVILEGES
> > as those only actually apply when a new table is created (and not from a
> > template database), and that's just never the case with any PG catalog
> > tables.
>
> So the fact that default privs were set on the system catalogs was inappropriate, but harmless in this case?

Almost certainly.

> > What might be useful to point out is that only a superuser can change
> > the privileges associated with PG catalog tables and that you really
> > should be careful who you grant superuser privileges to.
>
> Yes, that's one thing I took care of earlier this year: change our processes such that we were able to remove superuser from the commonly-used service accounts.

... and hopefully from most every other account. There's really very
little need to have actual superuser rights (something we continue to
work to limit the need of with each release).

Thanks,

Stephen
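
Added example, not part of the thread and not written by either poster: a read-only audit of the three things discussed above, namely which roles hold superuser, which default-privilege entries exist, and whether any role has been granted explicit rights on `pg_catalog` relations. It uses only standard PostgreSQL catalogs and functions; the second and third queries are per-database, so run them in each database of interest.

```sql
-- 1. Roles that currently hold superuser (cluster-wide).
--    Anything listed besides the bootstrap role is a candidate for
--    ALTER ROLE ... NOSUPERUSER.
SELECT rolname, rolcanlogin
FROM pg_roles
WHERE rolsuper
ORDER BY rolname;

-- 2. Default privileges defined in this database.
--    These entries only affect objects created after they were set.
SELECT pg_get_userbyid(d.defaclrole)            AS creating_role,
       COALESCE(n.nspname, '(all schemas)')     AS schema_name,
       CASE d.defaclobjtype
            WHEN 'r' THEN 'table'
            WHEN 'S' THEN 'sequence'
            WHEN 'f' THEN 'function'
            WHEN 'T' THEN 'type'
            WHEN 'n' THEN 'schema'
       END                                      AS object_type,
       d.defaclacl                              AS default_acl
FROM pg_default_acl d
LEFT JOIN pg_namespace n ON n.oid = d.defaclnamespace
ORDER BY 1, 2, 3;

-- 3. Explicit grants on pg_catalog relations to a named role
--    (grantee 0 is PUBLIC; the owner's own entries are skipped).
--    Rows here mean a superuser changed catalog privileges at some point.
SELECT c.relname,
       pg_get_userbyid(a.grantee) AS grantee,
       a.privilege_type,
       a.is_grantable
FROM pg_class c
JOIN pg_namespace n ON n.oid = c.relnamespace
CROSS JOIN LATERAL aclexplode(c.relacl) AS a
WHERE n.nspname = 'pg_catalog'
  AND a.grantee <> 0
  AND a.grantee <> c.relowner
ORDER BY 1, 2, 3;
```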