On Wed, Mar 07, 2018 at 09:22:16AM -0500, Peter Eisentraut wrote: > On 3/6/18 15:20, Robert Haas wrote: > > On Sat, Mar 3, 2018 at 4:56 AM, Noah Misch <n...@leadboat.com> wrote: > >> I propose, for v11, switching to "GRANT USAGE ON SCHEMA > >> public TO PUBLIC" (omit CREATE). Concerns? An alternative is to change > >> the > >> default search_path to "$user"; that would be break more applications, and > >> I > >> don't see an advantage to compensate for that. > > > > Isn't this going to cause widespread breakage? Unprivileged users > > will suddenly find that they can no longer create tables, because > > $user doesn't exist and they don't have permission on public. That > > seems quite unfriendly. > > Moreover, the problem is that if you have database owners that are not > superusers, they can't easily fix the issue themselves. Since the > public schema is owned by postgres, they database owner can't just go in > and run GRANT CREATE ON SCHEMA PUBLIC TO whomever to restore the old > behavior or grant specific access. It would be simpler if we didn't > install a public schema by default at all.
That's a good point. Worse, a user with CREATEDB privilege would be able to create new databases and immediately create and use any schema _except_ public. That is rather silly.
