Re: [GENERAL] postgres db permissions

2015-06-02 Thread Steve Pribyl
. Steve Pribyl From: pgsql-general-ow...@postgresql.org pgsql-general-ow...@postgresql.org on behalf of Joshua D. Drake j...@commandprompt.com Sent: Tuesday, June 2, 2015 12:44 PM To: pgsql-general@postgresql.org Subject: Re: [GENERAL] postgres db permissions

Re: [GENERAL] postgres db permissions

2015-06-02 Thread Adrian Klaver
: Tuesday, June 2, 2015 12:44 PM To: pgsql-general@postgresql.org Subject: Re: [GENERAL] postgres db permissions On 06/02/2015 10:36 AM, Steve Pribyl wrote: Good Afternoon, Built a fresh 9.3. postgres server and added some users and noticed that any user can create tables in any database including

Re: [GENERAL] postgres db permissions

2015-06-02 Thread Steve Pribyl
@postgresql.org Subject: Re: [GENERAL] postgres db permissions On 06/02/2015 10:50 AM, Steve Pribyl wrote: Josh, Via psql: CREATE ROLE bob LOGIN NOSUPERUSER INHERIT NOCREATEDB NOCREATEROLE NOREPLICATION; GRANT dbA TO bob; GRANT dbA_ro TO bob; GRANT dbB TO bob; GRANT dbB_ro TO bob; dbA, dbA_ro

Re: [GENERAL] postgres db permissions

2015-06-02 Thread Joshua D. Drake
On 06/02/2015 11:08 AM, Steve Pribyl wrote: They all look like this. CREATE ROLE dbA NOSUPERUSER INHERIT NOCREATEDB NOCREATEROLE NOREPLICATION; And how are you connecting to the database via psql? JD -- Command Prompt, Inc. - http://www.commandprompt.com/ 503-667-4564 PostgreSQL

Re: [GENERAL] postgres db permissions

2015-06-02 Thread Adrian Klaver
*From:* Melvin Davidson melvin6...@gmail.com *Sent:* Tuesday, June 2, 2015 12:55 PM *To:* Steve Pribyl *Cc:* Joshua D. Drake; pgsql-general@postgresql.org *Subject:* Re: [GENERAL] postgres db permissions Your problem is probably the INHERIT and GRANT dbA TO bob; GRANT dbA_ro TO bob; GRANT

Re: [GENERAL] postgres db permissions

2015-06-02 Thread Steve Pribyl
From: Adrian Klaver adrian.kla...@aklaver.com Sent: Tuesday, June 2, 2015 1:20 PM To: Steve Pribyl; Melvin Davidson Cc: Joshua D. Drake; pgsql-general@postgresql.org Subject: Re: [GENERAL] postgres db permissions On 06/02/2015 11:04 AM, Steve Pribyl wrote: None of the roles have permissions

Re: [GENERAL] postgres db permissions

2015-06-02 Thread Melvin Davidson
As Tom advised, it's called a public schema for a reason. It means the general public (any user) has access to it and can create objects/tables in it. On Tue, Jun 2, 2015 at 2:58 PM, Joshua D. Drake j...@commandprompt.com wrote: On 06/02/2015 11:46 AM, Tom Lane wrote: Adrian Klaver

Re: [GENERAL] postgres db permissions

2015-06-02 Thread Melvin Davidson
: [GENERAL] postgres db permissions On 06/02/2015 10:36 AM, Steve Pribyl wrote: Good Afternoon, Built a fresh 9.3. postgres server and added some users and noticed that any user can create tables in any database including the postgres database by default. Have I missed some step in securing

Re: [GENERAL] postgres db permissions

2015-06-02 Thread Steve Pribyl
From: pgsql-general-ow...@postgresql.org pgsql-general-ow...@postgresql.org on behalf of Steve Pribyl steve.pri...@akunacapital.com Sent: Tuesday, June 2, 2015 1:45 PM To: Adrian Klaver; Melvin Davidson Cc: Joshua D. Drake; pgsql-general@postgresql.org Subject: Re: [GENERAL] postgres db

Re: [GENERAL] postgres db permissions

2015-06-02 Thread Steve Pribyl
: Joshua D. Drake; pgsql-general@postgresql.org Subject: Re: [GENERAL] postgres db permissions Your problem is probably the INHERIT and GRANT dbA TO bob; GRANT dbA_ro TO bob; GRANT dbB TO bob; GRANT dbB_ro TO bob; options. If any of the dbA's have the permission to CREATE tables (and I suspect

Re: [GENERAL] postgres db permissions

2015-06-02 Thread Joshua D. Drake
On 06/02/2015 11:46 AM, Tom Lane wrote: Adrian Klaver adrian.kla...@aklaver.com writes: On 06/02/2015 11:04 AM, Steve Pribyl wrote: I have noted that GRANT ALL ON SCHEMA public TO public is granted on postgres.schemas.public. I am looking at this in pgadmin so excuse my nomenclature. Is

Re: [GENERAL] postgres db permissions

2015-06-02 Thread Melvin Davidson
, 2015 1:06 PM To: Steve Pribyl; Joshua D. Drake; pgsql-general@postgresql.org Subject: Re: [GENERAL] postgres db permissions On 06/02/2015 10:50 AM, Steve Pribyl wrote: Josh, Via psql: CREATE ROLE bob LOGIN NOSUPERUSER INHERIT NOCREATEDB NOCREATEROLE NOREPLICATION; GRANT dbA

Re: [GENERAL] postgres db permissions

2015-06-02 Thread Adrian Klaver
On 06/02/2015 11:04 AM, Steve Pribyl wrote: None of the roles have permissions on the postgres database. At this point they don't have any permissions on any databases. I have noted that GRANT ALL ON SCHEMA public TO public is granted on postgres.schemas.public. I am looking at this in

Re: [GENERAL] postgres db permissions

2015-06-02 Thread Tom Lane
Adrian Klaver adrian.kla...@aklaver.com writes: On 06/02/2015 11:04 AM, Steve Pribyl wrote: I have noted that GRANT ALL ON SCHEMA public TO public is granted on postgres.schemas.public. I am looking at this in pgadmin so excuse my nomenclature. Is this what is allowing write access to the

Re: [GENERAL] postgres db permissions

2015-06-02 Thread Adrian Klaver
On 06/02/2015 11:46 AM, Tom Lane wrote: Adrian Klaver adrian.kla...@aklaver.com writes: On 06/02/2015 11:04 AM, Steve Pribyl wrote: I have noted that GRANT ALL ON SCHEMA public TO public is granted on postgres.schemas.public. I am looking at this in pgadmin so excuse my nomenclature. Is

[GENERAL] postgres db permissions

2015-06-02 Thread Steve Pribyl
Good Afternoon, Built a fresh 9.3. postgres server and added some users and noticed that any user can create tables in any database including the postgres database by default. Have I missed some step in securing the default install? Steve Pribyl

Re: [GENERAL] postgres db permissions

2015-06-02 Thread Joshua D. Drake
On 06/02/2015 10:36 AM, Steve Pribyl wrote: Good Afternoon, Built a fresh 9.3. postgres server and added some users and noticed that any user can create tables in any database including the postgres database by default. Have I missed some step in securing the default install? How exactly