Re: public schema default ACL

Noah Misch <noah@leadboat.com>

From: Noah Misch <noah@leadboat.com>
To: Peter Eisentraut <peter.eisentraut@2ndquadrant.com>
Cc: Robert Haas <robertmhaas@gmail.com>, "pgsql-hackers@postgresql.org" <pgsql-hackers@postgresql.org>, "David G. Johnston" <david.g.johnston@gmail.com>, Stephen Frost <sfrost@snowman.net>, Alvaro Herrera <alvherre@alvh.no-ip.org>, Tom Lane <tgl@sss.pgh.pa.us>
Date: 2020-10-11T07:57:29Z
Lists: pgsql-hackers
On Wed, Aug 05, 2020 at 10:05:28PM -0700, Noah Misch wrote:
> On Mon, Aug 03, 2020 at 07:46:02PM +0200, Peter Eisentraut wrote:
> > The important things in my mind are that you keep an easy onboarding
> > experience (you can do SQL things without having to create and unlock a
> > bunch of things first) and that advanced users can do the things they want
> > to do *somehow*.
> 
> Makes sense.  How do these options differ in ease of onboarding?  In that
> light, what option would you pick?

Ping.  Your statement above seems to suggest one of the options more than
others, but I'd rather not assume you see it the same way.



Commits

  1. Revoke PUBLIC CREATE from public schema, now owned by pg_database_owner.

  2. Document security implications of search_path and the public schema.