On Tue, Jul 05, 2022 at 07:47:52PM -0400, Bruce Momjian wrote: > On Tue, Jul 5, 2022 at 02:57:52PM -0700, Noah Misch wrote: > > Since having too-permissive ACLs is usually symptom-free, I share your > > forecast about the more-common question. Expect questions on mailing lists, > > stackoverflow, etc. The right way to answer those questions is roughly > > this: > > > > > On PostgreSQL 15, my application gets "permission denied for schema > > > public". What should I do? > > > > You have a choice to make. The best selection depends on the security > > needs of your database. See > > > > https://www.postgresql.org/docs/devel/ddl-schemas.html#DDL-SCHEMAS-PATTERNS > > for a guide to making that choice. > > > > Recommending GRANT to that two-sentence question would be negligent. One > > should know a database's lack of security needs before recommending GRANT. > > This is a key opportunity to have more users make the right decision while > > their attention is on the topic. > > Yes, I think it is a question of practicality vs. desirability. We are > basically telling people they have to do research to get the old > behavior in their new databases and clusters.
True. I want to maximize the experience for different classes of database: 1. Databases needing user isolation and unknowingly not getting it. 2. Databases not needing user isolation, e.g. automated test environments. Expecting all of these DBAs to read a 500-word doc section is failure-prone. For the benefit of (2), I'm now thinking about adding a release note sentence, "For a new database having zero need to defend against insider threats, granting back the privilege yields the PostgreSQL 14 behavior."
