Hey all, I'm a bit confused about the way databases are created in postgresql, and the permissions that are set for new databases. First of all I was surprised, that the default database template (template1) has privileges for the public schema by default. That seems a bit too permissive to me, hence I revoked the public privileges from the public schema in temlate1. Further CONNECT and TEMPORARY is granted to anyone on each new database. Can that behavior be disabled? The other problem I came across is that after creating a database from any template, only the database owner is changed, e.g., databases created from the default template contain the schema public and the owner is still the original owner. In the default case the public schema is owned by postgres and the database owner can't do anything against it: test=> ALTER SCHEMA public OWNER TO newuser; ERROR: must be owner of schema public test=> GRANT ALL ON SCHEMA public TO newuser; ERROR: permission denied for schema public (newuser is database owner) Is there any way the database owner can take the ownership of schemas? If not there seems to be no point in creating a (not completely empty) database as a non superuser. I think the best would be if the template owner is replaced for all nested elements on database creation and not only for the database itself. In my opinion the defaults are very unintuitive: having public privileges as default can be dangerous, as it can be overlooked easily. The command line client is not even showing the default privileges (=Tc/test) before they have been altered. Is all the above correct or are there any solutions? Janis -- Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-general
