As Tom advised, it's called a "public" schema for a reason. It means the general public (any user) has access to it and can create objects/tables in it.
On Tue, Jun 2, 2015 at 2:58 PM, Joshua D. Drake <j...@commandprompt.com> wrote: > > On 06/02/2015 11:46 AM, Tom Lane wrote: > >> Adrian Klaver <adrian.kla...@aklaver.com> writes: >> >>> On 06/02/2015 11:04 AM, Steve Pribyl wrote: >>> >>>> I have noted that "GRANT ALL ON SCHEMA public TO public" is granted >>>> on postgres.schemas.public. I am looking at this in pgadmin so excuse >>>> my nomenclature. >>>> >>> >> Is this what is allowing write access to the database? >>>> >>> >> Yes, though that should not be the default. >>> >> >> Huh? Of course it's the default. I'm not really sure why the OP is >> surprised at this. A database that won't let you create any tables >> is not terribly useful. >> > > The owner (or super user) should always have access, anybody with access > should not. This argument has actually come up before and you held a > similar view. This should not be possible: > > postgres@sqitch:/# psql -U postgres > psql (9.2.11) > Type "help" for help. > > postgres=# create user foo; > CREATE ROLE > postgres=# \q > > root@sqitch:/# psql -U foo postgres > psql (9.2.11) > Type "help" for help. > postgres=> create table bar (id text); > CREATE TABLE > postgres=> > > We can adjust this capability with pg_hba.conf but that is external to > this behavior. > > Sincerely, > > JD > > > > -- > Command Prompt, Inc. - http://www.commandprompt.com/ 503-667-4564 > PostgreSQL Centered full stack support, consulting and development. > Announcing "I'm offended" is basically telling the world you can't > control your own emotions, so everyone else should do it for you. > -- *Melvin Davidson* I reserve the right to fantasize. Whether or not you wish to share my fantasy is entirely up to you.
