Search Postgresql Archives

Re: No PUBLIC access by default?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Peter Fein wrote:
> Hi all-
> 
> Is there any way to disable PUBLIC access by default?  When I create

You can revoke permissions from the public schema, and you can even
delete the public schema entirely.  I did the first:

revoke create on schema public from public
revoke create on tablespace pg_default from public
revoke create on tablespace pg_global from public

If you do this while connect to template1, then all future databases
will have this set up at the time the database is created.

> a new object (table, function, etc.), it has no ACL, as expected.
> However, the first time I run:  
> 
> GRANT ALL ON FUNCTION foo() to GROUP developers;
> 
> Postgress seems to do:
> 
> GRANT ALL ON FUNCTION foo() to PUBLIC;
> 
> I assume this is b/c no ACL is equivalent to PUBLIC access & this
> gets included when adding specific privileges. 
> 
> I want *no* PUBLIC access to anything by default for security
> reasons. Is there a way to prevent this behavior? 
> 
> ---------------------------(end of
> broadcast)--------------------------- 
> TIP 4: Have you searched our list archives?
> 
>                http://archives.postgresql.org



-- 
Guy Rouillier


---------------------------(end of broadcast)---------------------------
TIP 1: if posting/reading through Usenet, please send an appropriate
       subscribe-nomail command to majordomo@xxxxxxxxxxxxxx so that your
       message can get through to the mailing list cleanly


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Postgresql Jobs]     [Postgresql Admin]     [Postgresql Performance]     [Linux Clusters]     [PHP Home]     [PHP on Windows]     [Kernel Newbies]     [PHP Classes]     [PHP Books]     [PHP Databases]     [Postgresql & PHP]     [Yosemite]
  Powered by Linux