On 9 August 2018 at 18:18, David Kohn <djk...@gmail.com> wrote:

> Anyway, I guess all of this seems to introduce a lot more complexity into
> an already complex permissions management system...is this all about the
> public schema? Can we just make create function/operator etc something you
> have to grant even in the public schema? It seems like that could be
> significantly more user friendly than this.

Already true, if you do:

    REVOKE CREATE ON SCHEMA public FROM PUBLIC;

Which I do, in all my databases, and which is probably a good idea in most scenarios.

> Or otherwise, would functions owned by the database or schema owner be
> exempt from this? Because there are many setups where people try to avoid
> superuser usage by creating database or schema owner users who can do
> things like create function, which normal users can now use. Would checks
> be skipped if the function call is schema qualified because then there's no
> reasonable way to think that someone is being fooled about which function
> they are executing?

At present, permissions are completely separate from ownership: your ability to use an object does not depend on who owns what (I believe you can even revoke your own rights to use your own stuff). I suspect changing this is probably not a good idea.
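
The REVOKE from the reply above with before-and-after checks around it, as an added example that is not part of the original message. It assumes PostgreSQL and must be run once per database; the role name app_owner is hypothetical.

```sql
-- Added example (not from the thread). Runs as a dry run inside a
-- transaction; replace ROLLBACK with COMMIT to keep the changes.
BEGIN;

-- Hypothetical role standing in for a schema or database owner account.
CREATE ROLE app_owner NOLOGIN;

-- 1. Before: every role that can currently create objects in public.
SELECT r.rolname
FROM pg_roles AS r
WHERE has_schema_privilege(r.rolname, 'public', 'CREATE')
ORDER BY r.rolname;

-- 2. Remove the CREATE privilege held by the PUBLIC pseudo-role, so that
--    creating functions, operators and other objects in public has to be
--    granted explicitly.
REVOKE CREATE ON SCHEMA public FROM PUBLIC;

-- 3. Grant it back only to the roles that are meant to create objects.
GRANT CREATE ON SCHEMA public TO app_owner;

-- 4. After: non-superuser roles that can still create in public.
--    Superusers bypass privilege checks, so they are filtered out; the
--    schema owner and explicitly granted roles remain in the result.
SELECT r.rolname
FROM pg_roles AS r
WHERE NOT r.rolsuper
  AND has_schema_privilege(r.rolname, 'public', 'CREATE')
ORDER BY r.rolname;

-- 5. Functions already present in public that are owned by a
--    non-superuser. The REVOKE does not remove existing objects, so
--    these are worth reviewing by hand.
SELECT p.oid::regprocedure        AS function_signature,
       pg_get_userbyid(p.proowner) AS owner
FROM pg_proc AS p
JOIN pg_namespace AS n ON n.oid = p.pronamespace
JOIN pg_roles AS o ON o.oid = p.proowner
WHERE n.nspname = 'public'
  AND NOT o.rolsuper
ORDER BY owner, function_signature;

ROLLBACK;
```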