Re: [GENERAL] Privileges on public schema can't be revoked?

2016-09-07 Thread Jim Nasby
On 9/6/16 3:16 PM, Greg Fodor wrote: It seems that functionality that lets a superuser quickly audit the privileges for a user (including those granted via PUBLIC) would be really helpful for diagnosing cases where that user can do something they shouldn't be allowed to. That's actually

Re: [GENERAL] Privileges on public schema can't be revoked?

2016-09-06 Thread Tom Lane
Stephen Frost writes: > \dn+ in psql will give you the access privileges for all schemas. > I'd have to look at the "other solutions" you're referring to, but, in > general, we do not exclude the public role in any way from the access > privilege system. Possibly Greg was

Re: [GENERAL] Privileges on public schema can't be revoked?

2016-09-06 Thread Stephen Frost
Greg, * Greg Fodor (gfo...@gmail.com) wrote: > A, I wasn't aware of the PUBLIC meta-role. Not sure if it's useful > feedback, I spent a lot of time digging around the web for solutions > that would basically let me query the database to see all of the > effective privileges for a user, and

Re: [GENERAL] Privileges on public schema can't be revoked?

2016-09-06 Thread Greg Fodor
A, I wasn't aware of the PUBLIC meta-role. Not sure if it's useful feedback, I spent a lot of time digging around the web for solutions that would basically let me query the database to see all of the effective privileges for a user, and none of the solutions I found were able to get me to a

Re: [GENERAL] Privileges on public schema can't be revoked?

2016-09-06 Thread Tom Lane
Greg Fodor writes: > Apologies in advance about this since it is likely something obvious, > but I am seeing some very basic behavior that does not make sense. > I've tested this on a fresh build of 9.6rc1 and also 9.1.24 (just to > see if it was a regression.) After creating a

Re: [GENERAL] Privileges on public schema can't be revoked?

2016-09-06 Thread Stephen Frost
Greg, * Greg Fodor (gfo...@gmail.com) wrote: > Apologies in advance about this since it is likely something obvious, > but I am seeing some very basic behavior that does not make sense. > I've tested this on a fresh build of 9.6rc1 and also 9.1.24 (just to > see if it was a regression.) After

[GENERAL] Privileges on public schema can't be revoked?

2016-09-06 Thread Greg Fodor
Apologies in advance about this since it is likely something obvious, but I am seeing some very basic behavior that does not make sense. I've tested this on a fresh build of 9.6rc1 and also 9.1.24 (just to see if it was a regression.) After creating a test database, and a test user that I revoke