On Wednesday, May 25, 2022, Rob Sargent <robjsarg...@gmail.com> wrote:
> On 5/25/22 08:20, Tom Lane wrote: > > Rob Sargent <robjsarg...@gmail.com> <robjsarg...@gmail.com> writes: > > Just wondering if I've bumped into some security issue. > I'm somewhat surprised that "grant connect to database <dbname> to > <role>" appears to be stored "by name"? > > I think you are forgetting that databases have a default GRANT CONNECT > TO PUBLIC. You need to revoke that before other grants/revokes will > have any functional effect. > > regards, tom lane > > And then the search path is "just a string"? > > > Search_path isn’t a security component and accepts, but ignores, unknown names. So yes, it is just a string. David J.
