On Thu, Nov 12, 2020 at 06:36:39PM -0800, Noah Misch wrote: > On Mon, Nov 09, 2020 at 02:56:53PM -0500, Bruce Momjian wrote: > > On Mon, Nov 2, 2020 at 11:05:15PM -0800, Noah Misch wrote: > > > My plan is for the default to become: > > > > > > GRANT USAGE ON SCHEMA public TO PUBLIC; > > > ALTER SCHEMA public OWNER TO DATABASE_OWNER; -- new syntax > > > > Seems it would be better to create a predefined role that owns the > > public schema, or at least has create permission for the public schema > > --- that way, when you are creating a role, you can decide if the role > > should have creation permissions in the public schema, rather than > > having people always using the database owner for this purpose. > > Defaulting to a specific predefined role empowers the role's members in all > databases simultaneously. Folks who want it like that can create a role and > issue "ALTER SCHEMA public OWNER TO that_role" in template1. What's the > better default? I think that depends on whether you regard this schema as a > per-database phenomenon or a per-cluster phenomenon.
Ah, I see your point. I was just thinking we don't want everyone logging in as the db user, or given super-user permissions, so haveing a non-login role would help, but we can just document how to do it. -- Bruce Momjian <br...@momjian.us> https://momjian.us EnterpriseDB https://enterprisedb.com The usefulness of a cup is in its emptiness, Bruce Lee
