On Wed, Jun 29, 2011 at 08:42:58PM -0400, Robert Haas wrote: > On Wed, Jun 29, 2011 at 4:49 PM, Alvaro Herrera > <alvhe...@commandprompt.com> wrote: > > Excerpts from Robert Haas's message of mié jun 29 13:42:34 -0400 2011: > > > >> > How about this? > >> > > >> > Some types of objects deny all privileges to PUBLIC by default. These > >> > are tables, columns, schemas and tablespaces. For other types, the > >> > default privileges granted to PUBLIC are as follows: CONNECT privilege > >> > and TEMP table creation privilege for databases; EXECUTE privilege for > >> > functions; and USAGE privilege for languages. The object owner can, > >> > of course, revoke both default and expressly granted privileges. > >> > >> Or, since I find the use of the word "deny" a bit unclear: > >> > >> When a table, column, schema, or tablespace is created, no privileges > >> are granted to PUBLIC. But for other objects, some privileges will be > >> granted to PUBLIC automatically at the time the object is created: > >> CONNECT privilege and TEMP table creation privilege for database, ... > >> <etc., the rest as you have it> > > > > Hmm, I like David's suggestion better, but I agree with you that "deny" > > isn't the right verb there. I have no better suggestions at moment > > though. > > Well, I think the only relevant verb is "grant", so that's why I was > trying to phrase it in terms of the negative of that - i.e. explain > that, in this case, we don't grant anything.
How about this? PostgreSQL grants some types of objects some default privileges to PUBLIC. Tables, columns, schemas and tablespaces grant no privileges to PUBLIC by default. For other types, the default privileges granted to PUBLIC are as follows: CONNECT and CREATE TEMP TABLE for databases; EXECUTE privilege for functions; and USAGE privilege for languages. The object owner can, of course, REVOKE both default and expressly granted privileges. Cheers, David. -- David Fetter <da...@fetter.org> http://fetter.org/ Phone: +1 415 235 3778 AIM: dfetter666 Yahoo!: dfetter Skype: davidfetter XMPP: david.fet...@gmail.com iCal: webcal://www.tripit.com/feed/ical/people/david74/tripit.ics Remember to vote! Consider donating to Postgres: http://www.postgresql.org/about/donate -- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers
