Re: [GENERAL] postgres db permissions

2015-06-02 Thread Adrian Klaver
On 06/02/2015 11:46 AM, Tom Lane wrote: Adrian Klaver writes: On 06/02/2015 11:04 AM, Steve Pribyl wrote: I have noted that "GRANT ALL ON SCHEMA public TO public" is granted on postgres.schemas.public. I am looking at this in pgadmin so excuse my nomenclature. Is this what is allowing wri

Re: [GENERAL] postgres db permissions

2015-06-02 Thread Melvin Davidson
As Tom advised, it's called a "public" schema for a reason. It means the general public (any user) has access to it and can create objects/tables in it. On Tue, Jun 2, 2015 at 2:58 PM, Joshua D. Drake wrote: > > On 06/02/2015 11:46 AM, Tom Lane wrote: > >> Adrian Klaver writes: >> >>> On 06/02

Re: [GENERAL] postgres db permissions

2015-06-02 Thread Joshua D. Drake
On 06/02/2015 11:46 AM, Tom Lane wrote: Adrian Klaver writes: On 06/02/2015 11:04 AM, Steve Pribyl wrote: I have noted that "GRANT ALL ON SCHEMA public TO public" is granted on postgres.schemas.public. I am looking at this in pgadmin so excuse my nomenclature. Is this what is allowing wr

Re: [GENERAL] postgres db permissions

2015-06-02 Thread Steve Pribyl
eve Pribyl From: pgsql-general-ow...@postgresql.org on behalf of Steve Pribyl Sent: Tuesday, June 2, 2015 1:45 PM To: Adrian Klaver; Melvin Davidson Cc: Joshua D. Drake; pgsql-general@postgresql.org Subject: Re: [GENERAL] postgres db permissions Thanks for clearing that up. I seem

Re: [GENERAL] postgres db permissions

2015-06-02 Thread Tom Lane
Adrian Klaver writes: > On 06/02/2015 11:04 AM, Steve Pribyl wrote: >> I have noted that "GRANT ALL ON SCHEMA public TO public" is granted >> on postgres.schemas.public. I am looking at this in pgadmin so excuse >> my nomenclature. >> Is this what is allowing write access to the database? > Ye

Re: [GENERAL] postgres db permissions

2015-06-02 Thread Steve Pribyl
eve Pribyl From: Adrian Klaver Sent: Tuesday, June 2, 2015 1:20 PM To: Steve Pribyl; Melvin Davidson Cc: Joshua D. Drake; pgsql-general@postgresql.org Subject: Re: [GENERAL] postgres db permissions On 06/02/2015 11:04 AM, Steve Pribyl wrote: > None of the roles have permissions on the post

Re: [GENERAL] postgres db permissions

2015-06-02 Thread Adrian Klaver
On 06/02/2015 11:04 AM, Steve Pribyl wrote: None of the roles have permissions on the postgres database. At this point they don't have any permissions on any databases. I have noted that "GRANT ALL ON SCHEMA public TO public" is granted on postgres.schemas.public. I am looking at this in pga

Re: [GENERAL] postgres db permissions

2015-06-02 Thread Melvin Davidson
M > To: Steve Pribyl; Joshua D. Drake; pgsql-general@postgresql.org > Subject: Re: [GENERAL] postgres db permissions > > On 06/02/2015 10:50 AM, Steve Pribyl wrote: > > Josh, > > > > Via psql: > > CREATE ROLE bob LOGIN > >NOSUPERUSER INHERIT NOCREATEDB N

Re: [GENERAL] postgres db permissions

2015-06-02 Thread Joshua D. Drake
On 06/02/2015 11:08 AM, Steve Pribyl wrote: They all look like this. CREATE ROLE dbA NOSUPERUSER INHERIT NOCREATEDB NOCREATEROLE NOREPLICATION; And how are you connecting to the database via psql? JD -- Command Prompt, Inc. - http://www.commandprompt.com/ 503-667-4564 PostgreSQL Center

Re: [GENERAL] postgres db permissions

2015-06-02 Thread Adrian Klaver
t; Desk: 312-994-4646 *From:* Melvin Davidson *Sent:* Tuesday, June 2, 2015 12:55 PM *To:* Steve Pribyl *Cc:* Joshua D. Drake; pgsql-general@postgresql.org *Subject:* Re: [GENERAL] postgres db permissions Your problem is probably the "INHERIT" and GRANT dbA TO bob; GRANT

Re: [GENERAL] postgres db permissions

2015-06-02 Thread Steve Pribyl
: [GENERAL] postgres db permissions On 06/02/2015 10:50 AM, Steve Pribyl wrote: > Josh, > > Via psql: > CREATE ROLE bob LOGIN >NOSUPERUSER INHERIT NOCREATEDB NOCREATEROLE NOREPLICATION; > GRANT dbA TO bob; > GRANT dbA_ro TO bob; > GRANT dbB TO bob; > GRANT dbB_ro TO bob

Re: [GENERAL] postgres db permissions

2015-06-02 Thread Adrian Klaver
@postgresql.org Subject: Re: [GENERAL] postgres db permissions On 06/02/2015 10:36 AM, Steve Pribyl wrote: Good Afternoon, Built a fresh 9.3. postgres server and added some users and noticed that any user can create tables in any database including the postgres database by default. Have I missed some step

Re: [GENERAL] postgres db permissions

2015-06-02 Thread Steve Pribyl
l Cc: Joshua D. Drake; pgsql-general@postgresql.org Subject: Re: [GENERAL] postgres db permissions Your problem is probably the "INHERIT" and GRANT dbA TO bob; GRANT dbA_ro TO bob; GRANT dbB TO bob; GRANT dbB_ro TO bob; options. If any of the dbA's have the permission to CREATE tabl

Re: [GENERAL] postgres db permissions

2015-06-02 Thread Melvin Davidson
m> > Sent: Tuesday, June 2, 2015 12:44 PM > To: pgsql-general@postgresql.org > Subject: Re: [GENERAL] postgres db permissions > > On 06/02/2015 10:36 AM, Steve Pribyl wrote: > > > > Good Afternoon, > > > > Built a fresh 9.3. postgres server and added some users an

Re: [GENERAL] postgres db permissions

2015-06-02 Thread Steve Pribyl
. Steve Pribyl From: pgsql-general-ow...@postgresql.org on behalf of Joshua D. Drake Sent: Tuesday, June 2, 2015 12:44 PM To: pgsql-general@postgresql.org Subject: Re: [GENERAL] postgres db permissions On 06/02/2015 10:36 AM, Steve Pribyl wrote: > >

Re: [GENERAL] postgres db permissions

2015-06-02 Thread Joshua D. Drake
On 06/02/2015 10:36 AM, Steve Pribyl wrote: Good Afternoon, Built a fresh 9.3. postgres server and added some users and noticed that any user can create tables in any database including the postgres database by default. Have I missed some step in securing the default install? How exactly

[GENERAL] postgres db permissions

2015-06-02 Thread Steve Pribyl
Good Afternoon, Built a fresh 9.3. postgres server and added some users and noticed that any user can create tables in any database including the postgres database by default. Have I missed some step in securing the default install? Steve Pribyl [http://www.