On Wed, Jun 29, 2011 at 04:49:15PM -0400, Alvaro Herrera wrote:
> Excerpts from Robert Haas's message of mié jun 29 13:42:34 -0400 2011:
>
> > > How about this?
> > >
> > > Some types of objects deny all privileges to PUBLIC by default.
> > > These are tables, columns, schemas and tablespaces. For other
> > > types, the default privileges granted to PUBLIC are as follows:
> > > CONNECT privilege and TEMP table creation privilege for
> > > databases; EXECUTE privilege for functions; and USAGE privilege
> > > for languages. The object owner can, of course, revoke both
> > > default and expressly granted privileges.
> >
> > Or, since I find the use of the word "deny" a bit unclear:
> >
> > When a table, column, schema, or tablespace is created, no
> > privileges are granted to PUBLIC. But for other objects, some
> > privileges will be granted to PUBLIC automatically at the time the
> > object is created: CONNECT privilege and TEMP table creation
> > privilege for database, ... <etc., the rest as you have it>
>
> Hmm, I like David's suggestion better, but I agree with you that
> "deny" isn't the right verb there. I have no better suggestions at
> moment though.

I chose "deny" in the sense of "default deny," which is a term of art
in security engineering referring to an access control policy.

http://en.wikipedia.org/wiki/Security_engineering#Security_stance

Cheers,
David.
-- 
David Fetter <da...@fetter.org> http://fetter.org/
Phone: +1 415 235 3778  AIM: dfetter666  Yahoo!: dfetter
Skype: davidfetter      XMPP: david.fet...@gmail.com
iCal: webcal://www.tripit.com/feed/ical/people/david74/tripit.ics

Remember to vote!
Consider donating to Postgres: http://www.postgresql.org/about/donate

-- 
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers
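
The defaults discussed in this thread can be audited and tightened as follows. This is an added example, not part of the original messages or of the PostgreSQL documentation; appdb, app_user and app.rotate_key() are hypothetical names, and the audit query assumes PostgreSQL 9.3 or later.

```sql
-- Added example; appdb, app_user and app.rotate_key() are hypothetical.
-- Assumes PostgreSQL 9.3+ (LATERAL, acldefault).

-- 1. Audit: what can PUBLIC use in the object types that are NOT
--    default-deny? A NULL ACL column means "built-in defaults apply",
--    so expand it with acldefault(); grantee = 0 is the PUBLIC pseudo-role.
SELECT 'database' AS kind, d.datname::text AS object, a.privilege_type
FROM pg_database d
CROSS JOIN LATERAL
     aclexplode(coalesce(d.datacl, acldefault('d', d.datdba))) a
WHERE a.grantee = 0
UNION ALL
SELECT 'function', p.oid::regprocedure::text, a.privilege_type
FROM pg_proc p
JOIN pg_namespace n ON n.oid = p.pronamespace
CROSS JOIN LATERAL
     aclexplode(coalesce(p.proacl, acldefault('f', p.proowner))) a
WHERE a.grantee = 0
  AND n.nspname NOT IN ('pg_catalog', 'information_schema')
UNION ALL
SELECT 'language', l.lanname::text, a.privilege_type
FROM pg_language l
CROSS JOIN LATERAL
     aclexplode(coalesce(l.lanacl, acldefault('l', l.lanowner))) a
WHERE a.grantee = 0
  AND l.lanpltrusted          -- untrusted languages are superuser-only anyway
ORDER BY 1, 2;

-- 2. Tighten: revoke the automatic grants, then grant back explicitly.
REVOKE CONNECT, TEMPORARY ON DATABASE appdb FROM PUBLIC;
GRANT  CONNECT ON DATABASE appdb TO app_user;

REVOKE EXECUTE ON FUNCTION app.rotate_key() FROM PUBLIC;
GRANT  EXECUTE ON FUNCTION app.rotate_key() TO app_user;

-- 3. Functions created later by the current role: no EXECUTE for PUBLIC.
--    This must be the global form (no IN SCHEMA); per-schema default
--    privileges can only add to the global defaults, not remove them.
ALTER DEFAULT PRIVILEGES REVOKE EXECUTE ON FUNCTIONS FROM PUBLIC;
```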