On Tue, May 10, 2022 at 11:44:15AM -0400, Bruce Momjian wrote: > I have completed the first draft of the PG 15 release notes
> <!-- > Author: Noah Misch <n...@leadboat.com> > 2021-09-09 [b073c3ccd] Revoke PUBLIC CREATE from public schema, now owned by > pg > --> > > <listitem> > <para> > Remove <literal>PUBLIC</literal> creation permission on the <link > linkend="ddl-schemas-public"><literal>public</literal> schema</link> > (Noah Misch) > </para> > > <para> > This is a change in the default for newly-created databases in > existing clusters and for new clusters; <literal>USAGE</literal> If you dump/reload an unmodified v14 template1 (as pg_dumpall and pg_upgrade do), your v15 template1 will have a v14 ACL on its public schema. At that point, the fate of "newly-created databases in existing clusters" depends on whether you clone template1 or template0. Does any of that detail belong here, or does the existing text suffice? > permissions on the <literal>public</literal> schema has not > been changed. Databases restored from previous Postgres releases > will be restored with their current permissions. Users wishing > to have the old permissions on new objects will need to grant The phrase "old permissions on new objects" doesn't sound right to me, but I'm not sure why. I think you're aiming for the fact that this is just a default; one can still change the ACL to anything, including to the old default. If these notes are going to mention the old default like they do so far, I think they should also urge readers to understand https://www.postgresql.org/docs/devel/ddl-schemas.html#DDL-SCHEMAS-PATTERNS before returning to the old default. What do you think? > <literal>CREATE</literal> permission for <literal>PUBLIC</literal> > on the <literal>public</literal> schema; this change can be made > on <literal>template1</literal> to cause all new databases > to have these permissions. <literal>template1</literal> > permissions for <application>pg_dumpall</application> and > <application>pg_upgrade</application>? pg_dumpall will change template1. I think pg_upgrade will too, and neither program will change template0. > </para> > </listitem> > > <!-- > Author: Noah Misch <n...@leadboat.com> > 2021-09-09 [b073c3ccd] Revoke PUBLIC CREATE from public schema, now owned by > pg > --> > > <listitem> > <para> > Change the owner of the <literal>public</literal> schema to > <literal>pg_database_owner</literal> (Noah Misch) > </para> > > <para> > Previously it was the literal user name of the database owner. It was the bootstrap superuser. > Databases restored from previous Postgres releases will be restored > with their current owner specification. > </para> > </listitem>
