Waiting for PostgreSQL 15 – Revoke PUBLIC CREATE from public schema, now owned by pg_database_owner.

On 10th of September 2021, Noah Misch committed patch:

Revoke PUBLIC CREATE from public schema, now owned by pg_database_owner.
 
This switches the default ACL to what the documentation has recommended
since CVE-2018-1058.  Upgrades will carry forward any old ownership and
ACL.  Sites that declined the 2018 recommendation should take a fresh
look.  Recipes for commissioning a new database cluster from scratch may
need to create a schema, grant more privileges, etc.  Out-of-tree test
suites may require such updates.
 
Reviewed by Peter Eisentraut.
 
Discussion: https://postgr.es/m/20201031163518.GB4039133@rfd.leadboat.com

Continue reading Waiting for PostgreSQL 15 – Revoke PUBLIC CREATE from public schema, now owned by pg_database_owner.

Waiting for PostgreSQL 14 – Add “pg_database_owner” default role.

On 26th of March 2021, Noah Misch committed patch:

Add "pg_database_owner" default role.
 
Membership consists, implicitly, of the current database owner.  Expect
use in template databases.  Once pg_database_owner has rights within a
template, each owner of a database instantiated from that template will
exercise those rights.
 
Reviewed by John Naylor.
 
Discussion: https://postgr.es/m/20201228043148.GA1053024@rfd.leadboat.com

Continue reading Waiting for PostgreSQL 14 – Add “pg_database_owner" default role.

Waiting for 8.5 – “GRANT ALL”

One of the most common (or perhaps even the most common) question people have regarding PostgreSQL, is how to change privileges for all tables.

Usually they want something like MySQL's:

GRANT ... ON database.* TO ...

Which is interesting as it is actually 2 distinct features in one:

  • grant privileges on all existing tables
  • automatically grant privileges on all tables that will be created in this database in the future

Now, thanks to 2 new patches – we have this possibility in PostgreSQL.

Continue reading Waiting for 8.5 – “GRANT ALL"

Waiting for 8.4 – column level privileges.

On 22nd of January, Tom Lane committed patch by Stephen Frost, which adds column level privileges:

Log Message:
-----------
Support column-level privileges, as required by SQL standard.
 
Stephen Frost, with help from KaiGai Kohei and others

Continue reading Waiting for 8.4 – column level privileges.