On 08/28/2012 09:09 PM, Craig Ringer wrote:
On 08/29/2012 01:25 AM, David Fetter wrote:
Folks,
There are situations where a "default deny" policy is the best fit.
To that end, I have a modest proposal:
REVOKE PUBLIC FROM role;
Thenceforth, the role in question would only have access to things it
was specifically granted.
Wouldn't that render the user utterly unable to do anything until you
added a bunch of GRANTs on the system catalogs for that user or a
group they're a member of?
No.
Try it and see. You can do a lot without having any access rights at all
to the catalog tables.
cheers
andrew
--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers
