On 10/18/24 03:11, sreekanta reddy wrote:
Dear PostgreSQL Support Team,
I would also like to suggest an enhancement to the default behavior for
newly created users in PostgreSQL.
*Observed Issue:
*User Created: testdb
Command used: CREATE USER testdb WITH PASSWORD 'dhsfjobodjjbsdj';
After creating the user testdb, I observed that the user could still
view objects, schemas, and their structures, as well as system tables
and views, which contradicts the intended restricted permissions.
What restrictions?
The user has what is specified here:
https://www.postgresql.org/docs/current/ddl-priv.html
Pay particular attention to what is granted to the PUBLIC role.
If you want the role to have less privilges that what the defaults are
then you will need to explicitly revoke them.
--
Adrian Klaver
adrian.klaver@xxxxxxxxxxx
