> On Aug 1, 2023, at 10:13, William Edwards <wedwards@xxxxxxxxxxxxxx> wrote: > This allows all local users connecting over TCP to access all databases, not only the databases that the user is a member of as one might expect. There's really no notion of a user being "a member of" a database in PostgreSQL. Users are global resources, which are either granted access to a particular database, or aren't. In your example, you explicitly grant access to the databases to the users you are creating. Since a default installation of PostgreSQL contains only one superuser role, and the `postgres` database, any other access requires specific intervention on the part of someone with a superuser account.
