Re: connect permission based on database name

On 5/25/22 08:44, David G. Johnston wrote: On Wednesday, May 25, 2022, Rob Sargent wrote: On 5/25/22 08:20, Tom Lane wrote: Rob Sargent writes: Just wondering if I've bumped into some security issue. I'm somewhat surprised that "grant connect t

Re: connect permission based on database name

On Wednesday, May 25, 2022, Rob Sargent wrote: > On 5/25/22 08:20, Tom Lane wrote: > > Rob Sargent writes: > > Just wondering if I've bumped into some security issue. > I'm somewhat surprised that "grant connect to database to > " appears to be stored "by name"? > > I think you are forgetting

Re: connect permission based on database name

On 5/25/22 08:20, Tom Lane wrote: Rob Sargent writes: Just wondering if I've bumped into some security issue. I'm somewhat surprised that "grant connect to database   to " appears to be stored "by name"? I think you are forgetting that databases have a default GRANT CONNECT TO PUBLIC. You nee

Re: connect permission based on database name

On 5/25/22 08:20, Tom Lane wrote: Rob Sargent writes: Just wondering if I've bumped into some security issue. I'm somewhat surprised that "grant connect to database   to " appears to be stored "by name"? I think you are forgetting that databases have a default GRANT CONNECT TO PUBLIC. You nee

Re: connect permission based on database name

Rob Sargent writes: > Just wondering if I've bumped into some security issue. > I'm somewhat surprised that "grant connect to database   to > " appears to be stored "by name"? I think you are forgetting that databases have a default GRANT CONNECT TO PUBLIC. You need to revoke that before other

connect permission based on database name

Just wondering if I've bumped into some security issue. I'm somewhat surprised that "grant connect to database   to " appears to be stored "by name"? I have the luxury of dropping/recreate databases at will (within limits).  My script for creating a new db also creates a role and grants that