Default privileges for new users on public schema?
up vote
1
down vote
favorite
I just created a database with an additional application
schema.
And for our Java Spring Boot applications I created a new role with the following SQL scripts for setting up the privileges:
CREATE USER app_role WITH ENCRYPTED PASSWORD '#########';
GRANT ALL ON SCHEMA application TO app_role;
Now my expectation was that I could only create and delete tables within the schema application
when logging in with this role.
However, I am also able to create and modify tables in the schema public
.
Are there any default privileges for the public
schema?
Why can I create tables in schemas I did not grant any privileges to?
postgresql privileges
add a comment |
up vote
1
down vote
favorite
I just created a database with an additional application
schema.
And for our Java Spring Boot applications I created a new role with the following SQL scripts for setting up the privileges:
CREATE USER app_role WITH ENCRYPTED PASSWORD '#########';
GRANT ALL ON SCHEMA application TO app_role;
Now my expectation was that I could only create and delete tables within the schema application
when logging in with this role.
However, I am also able to create and modify tables in the schema public
.
Are there any default privileges for the public
schema?
Why can I create tables in schemas I did not grant any privileges to?
postgresql privileges
1
alter default privileges ...
– a_horse_with_no_name
Nov 8 at 9:42
add a comment |
up vote
1
down vote
favorite
up vote
1
down vote
favorite
I just created a database with an additional application
schema.
And for our Java Spring Boot applications I created a new role with the following SQL scripts for setting up the privileges:
CREATE USER app_role WITH ENCRYPTED PASSWORD '#########';
GRANT ALL ON SCHEMA application TO app_role;
Now my expectation was that I could only create and delete tables within the schema application
when logging in with this role.
However, I am also able to create and modify tables in the schema public
.
Are there any default privileges for the public
schema?
Why can I create tables in schemas I did not grant any privileges to?
postgresql privileges
I just created a database with an additional application
schema.
And for our Java Spring Boot applications I created a new role with the following SQL scripts for setting up the privileges:
CREATE USER app_role WITH ENCRYPTED PASSWORD '#########';
GRANT ALL ON SCHEMA application TO app_role;
Now my expectation was that I could only create and delete tables within the schema application
when logging in with this role.
However, I am also able to create and modify tables in the schema public
.
Are there any default privileges for the public
schema?
Why can I create tables in schemas I did not grant any privileges to?
postgresql privileges
postgresql privileges
edited Nov 8 at 10:06
Laurenz Albe
42.6k92746
42.6k92746
asked Nov 8 at 9:22
Lennart Blom
162111
162111
1
alter default privileges ...
– a_horse_with_no_name
Nov 8 at 9:42
add a comment |
1
alter default privileges ...
– a_horse_with_no_name
Nov 8 at 9:42
1
1
alter default privileges ...
– a_horse_with_no_name
Nov 8 at 9:42
alter default privileges ...
– a_horse_with_no_name
Nov 8 at 9:42
add a comment |
1 Answer
1
active
oldest
votes
up vote
0
down vote
accepted
The public
schema has a special role in PostgreSQL, as the documentation describes.
If you don't want that (and it can be a security problem), you can either REVOKE
the CREATE
privilege or even drop the schema alogether.
add a comment |
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
0
down vote
accepted
The public
schema has a special role in PostgreSQL, as the documentation describes.
If you don't want that (and it can be a security problem), you can either REVOKE
the CREATE
privilege or even drop the schema alogether.
add a comment |
up vote
0
down vote
accepted
The public
schema has a special role in PostgreSQL, as the documentation describes.
If you don't want that (and it can be a security problem), you can either REVOKE
the CREATE
privilege or even drop the schema alogether.
add a comment |
up vote
0
down vote
accepted
up vote
0
down vote
accepted
The public
schema has a special role in PostgreSQL, as the documentation describes.
If you don't want that (and it can be a security problem), you can either REVOKE
the CREATE
privilege or even drop the schema alogether.
The public
schema has a special role in PostgreSQL, as the documentation describes.
If you don't want that (and it can be a security problem), you can either REVOKE
the CREATE
privilege or even drop the schema alogether.
answered Nov 8 at 10:04
Laurenz Albe
42.6k92746
42.6k92746
add a comment |
add a comment |
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Some of your past answers have not been well-received, and you're in danger of being blocked from answering.
Please pay close attention to the following guidance:
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53204724%2fdefault-privileges-for-new-users-on-public-schema%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
1
alter default privileges ...
– a_horse_with_no_name
Nov 8 at 9:42