Yambu <hyambu@xxxxxxxxx> writes: > Hello > > I created a user like this > > CREATE USER user1 WITH PASSWORD '<password>'; > > GRANT CONNECT ON DATABASE db1 TO user1; > GRANT SELECT ON ALL TABLES IN SCHEMA public TO user1; > > What amazes me is that when I connect using user1, I'm able to create a > table and drop it. How can this be? In PG, all users by default have access to a PUBLIC schema as well as their user schema. The schema is really public, so full access to create/drop tables etc. The search path determines which schemas are searched and the search order. I rarely use the PUBLIC schema for an application. While you can revoke access at various levels, it often has unexpected consequences because different users may have different expectations with respect to the PUBLIC schema and what access users have. To have tables and other objects where you explicitly manage the access by users, your best bet is to create an application specific schema. You can then set the default grant permissions on that schema and its objects without fear of impacting on other users and manage access rights how you see fit. In fact, for more complex applications, I might have multiple schemas. In addition to enabling more flexible access control, schemas can also make it easier to backup, restore and migrate data between environments. Some people don't like using schemas because they don't like having to prefix object names with the schema name, but I find this is often a sign of not using the path and search_path settings appropriately. Personally, I prefer to be explicit and specify the schema rather than relying on individual configuration and setup of login profiles. -- Tim Cross
