On 06/02/2015 11:46 AM, Tom Lane wrote:
Adrian Klaver <adrian.klaver@xxxxxxxxxxx> writes:
On 06/02/2015 11:04 AM, Steve Pribyl wrote:
I have noted that "GRANT ALL ON SCHEMA public TO public" is granted
on postgres.schemas.public. I am looking at this in pgadmin so excuse
my nomenclature.
Is this what is allowing write access to the database?
Yes, though that should not be the default.
Huh? Of course it's the default. I'm not really sure why the OP is
surprised at this. A database that won't let you create any tables
is not terribly useful.
Aah, me being stupid.
If you don't like this, you can get rid of the database's public schema
and/or restrict who has CREATE permissions on it. But I can't see us
shipping a default configuration in which only superusers can create
tables. That would just encourage people to operate as superusers, which
overall would be much less secure.
regards, tom lane
--
Adrian Klaver
adrian.klaver@xxxxxxxxxxx
--
Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-general