On Mon, Aug 11, 2025 at 1:55 PM Robert Haas <robertmh...@gmail.com> wrote: > [ some review ]
Another thing that's occurring to me here is that nothing prevents other objects from making their way into the owned schema. Sure, if we create a new schema with nobody having any permissions, then only the creating role or some role that has its privileges can add anything in there. But that could happen by accident, or privileges could later be granted and somebody could add something into the extension schema after that. I wonder whether we should lock this down tighter somehow and altogether forbid creating objects in that schema except from an extension create/upgrade script for the owning extension. -- Robert Haas EDB: http://www.enterprisedb.com
