> On Aug 1, 2023, at 10:13, William Edwards <wedwa...@cyberfusion.nl> wrote:
> This allows all local users connecting over TCP to access all databases, not
> only the databases that the user is a member of as one might expect.
There's really no notion of a user being "a member of" a database in
PostgreSQL. Users are global resources, which are either granted access to a
particular database, or aren't.
In your example, you explicitly grant access to the databases to the users you
are creating.
Since a default installation of PostgreSQL contains only one superuser role,
and the `postgres` database, any other access requires specific intervention on
the part of someone with a superuser account.