Re: pgsql: Revoke PUBLIC CREATE from public schema, now owned by pg_databas
David G. Johnston <david.g.johnston@gmail.com>
From: "David G. Johnston" <david.g.johnston@gmail.com>
To: Tom Lane <tgl@sss.pgh.pa.us>
Cc: Robert Haas <robertmhaas@gmail.com>, Noah Misch <noah@leadboat.com>, "pgsql-hackers@postgresql.org" <pgsql-hackers@postgresql.org>
Date: 2022-11-30T22:58:36Z
Lists: pgsql-hackers
On Wed, Nov 30, 2022 at 3:35 PM Tom Lane <tgl@sss.pgh.pa.us> wrote: > > BTW, is "create a schema with the same name" sufficient detail? > You have to either make it owned by that user, or explicitly > grant CREATE permission on it. I'm not sure if that detail > belongs here, but it feels like maybe it does. > > I'd mention the ownership variant and suggest using the AUTHORIZATION clause, with an explicit example. CREATE SCHEMA role_name AUTHORIZATION role_name; David J.
Commits
-
Doc: word-smith the discussion of secure schema usage patterns.
- ef2d7c6f0ba9 16.0 landed
- afa4a4f764cc 15.2 landed
-
Fix the public schema's permissions in a separate test script.
- 944dc45d1b63 15.0 landed
-
Revoke PUBLIC CREATE from public schema, now owned by pg_database_owner.
- b073c3ccd06e 15.0 cited