Default privileges for new users on public schema?
up vote
1
down vote
favorite
I just created a database with an additional application
schema.
And for our Java Spring Boot applications I created a new role with the following SQL scripts for setting up the privileges:
CREATE USER app_role WITH ENCRYPTED PASSWORD '#########';
GRANT ALL ON SCHEMA application TO app_role;
Now my expectation was that I could only create and delete tables within the schema application
when logging in with this role.
However, I am also able to create and modify tables in the schema public
.
Are there any default privileges for the public
schema?
Why can I create tables in schemas I did not grant any privileges to?
postgresql privileges
add a comment |
up vote
1
down vote
favorite
I just created a database with an additional application
schema.
And for our Java Spring Boot applications I created a new role with the following SQL scripts for setting up the privileges:
CREATE USER app_role WITH ENCRYPTED PASSWORD '#########';
GRANT ALL ON SCHEMA application TO app_role;
Now my expectation was that I could only create and delete tables within the schema application
when logging in with this role.
However, I am also able to create and modify tables in the schema public
.
Are there any default privileges for the public
schema?
Why can I create tables in schemas I did not grant any privileges to?
postgresql privileges
1
alter default privileges ...
– a_horse_with_no_name
Nov 8 at 9:42
add a comment |
up vote
1
down vote
favorite
up vote
1
down vote
favorite
I just created a database with an additional application
schema.
And for our Java Spring Boot applications I created a new role with the following SQL scripts for setting up the privileges:
CREATE USER app_role WITH ENCRYPTED PASSWORD '#########';
GRANT ALL ON SCHEMA application TO app_role;
Now my expectation was that I could only create and delete tables within the schema application
when logging in with this role.
However, I am also able to create and modify tables in the schema public
.
Are there any default privileges for the public
schema?
Why can I create tables in schemas I did not grant any privileges to?
postgresql privileges
I just created a database with an additional application
schema.
And for our Java Spring Boot applications I created a new role with the following SQL scripts for setting up the privileges:
CREATE USER app_role WITH ENCRYPTED PASSWORD '#########';
GRANT ALL ON SCHEMA application TO app_role;
Now my expectation was that I could only create and delete tables within the schema application
when logging in with this role.
However, I am also able to create and modify tables in the schema public
.
Are there any default privileges for the public
schema?
Why can I create tables in schemas I did not grant any privileges to?
postgresql privileges
postgresql privileges
edited Nov 8 at 10:06
Laurenz Albe
40.9k92745
40.9k92745
asked Nov 8 at 9:22
Lennart Blom
16411
16411
1
alter default privileges ...
– a_horse_with_no_name
Nov 8 at 9:42
add a comment |
1
alter default privileges ...
– a_horse_with_no_name
Nov 8 at 9:42
1
1
alter default privileges ...
– a_horse_with_no_name
Nov 8 at 9:42
alter default privileges ...
– a_horse_with_no_name
Nov 8 at 9:42
add a comment |
1 Answer
1
active
oldest
votes
up vote
0
down vote
accepted
The public
schema has a special role in PostgreSQL, as the documentation describes.
If you don't want that (and it can be a security problem), you can either REVOKE
the CREATE
privilege or even drop the schema alogether.
add a comment |
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
0
down vote
accepted
The public
schema has a special role in PostgreSQL, as the documentation describes.
If you don't want that (and it can be a security problem), you can either REVOKE
the CREATE
privilege or even drop the schema alogether.
add a comment |
up vote
0
down vote
accepted
The public
schema has a special role in PostgreSQL, as the documentation describes.
If you don't want that (and it can be a security problem), you can either REVOKE
the CREATE
privilege or even drop the schema alogether.
add a comment |
up vote
0
down vote
accepted
up vote
0
down vote
accepted
The public
schema has a special role in PostgreSQL, as the documentation describes.
If you don't want that (and it can be a security problem), you can either REVOKE
the CREATE
privilege or even drop the schema alogether.
The public
schema has a special role in PostgreSQL, as the documentation describes.
If you don't want that (and it can be a security problem), you can either REVOKE
the CREATE
privilege or even drop the schema alogether.
answered Nov 8 at 10:04
Laurenz Albe
40.9k92745
40.9k92745
add a comment |
add a comment |
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53204724%2fdefault-privileges-for-new-users-on-public-schema%23new-answer', 'question_page');
}
);
Post as a guest
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
1
alter default privileges ...
– a_horse_with_no_name
Nov 8 at 9:42