I have a lab with a database that I would like to use as a "multi-tenant" database, in that I would like to create a database for each of the applications that I'm running and segregate access so that user foo and user bar cannot see anything about their neighbors. I'm somewhat surprised to discover that any new user, by default, has the ability to list databases
This cannot be prevented.
, connect to them
and list their tables.
Requires being connected to the database being inspected.
My understanding is that this ability is inherited from the public role (could use confirmation of this)?
Yes, public is what gets the default connection grant to newly created databases.
David J.