On 5/25/22 08:44, David G. Johnston wrote:
On Wednesday, May 25, 2022, Rob Sargent <robjsarg...@gmail.com> wrote:
On 5/25/22 08:20, Tom Lane wrote:
Rob Sargent<robjsarg...@gmail.com> <mailto:robjsarg...@gmail.com> writes:
Just wondering if I've bumped into some security issue.
I'm somewhat surprised that "grant connect to database <dbname> to
<role>" appears to be stored "by name"?
I think you are forgetting that databases have a default GRANT CONNECT
TO PUBLIC. You need to revoke that before other grants/revokes will
have any functional effect.
regards, tom lane
And then the search path is "just a string"?
Search_path isn’t a security component and accepts, but ignores,
unknown names. So yes, it is just a string.
David J.
Roger that, thanks.
