Arrange for the default permissions on a database to allow temp table

creation to world, but disallow temp table creation in template1.  Per
latest round of pghackers discussion.
I did not force initdb, but the permissions lockdown on template1 will
not take effect unless you do one (or manually REVOKE TEMP ON DATABASE template1 FROM public).

1 files changed, 8 insertions, 6 deletions

diff --git a/doc/src/sgml/ref/grant.sgml b/doc/src/sgml/ref/grant.sgml
index 4ed7e6d2cc7..5d5c2940142 100644
--- a/doc/src/sgml/ref/grant.sgml
+++ b/doc/src/sgml/ref/grant.sgml
@@ -1,5 +1,5 @@
 <!--
-$Header: /cvsroot/pgsql/doc/src/sgml/ref/grant.sgml,v 1.28 2002/08/12 20:02:09 petere Exp $
+$Header: /cvsroot/pgsql/doc/src/sgml/ref/grant.sgml,v 1.29 2002/09/03 22:17:34 tgl Exp $
 PostgreSQL documentation
 -->
 
@@ -292,11 +292,13 @@ GRANT SELECT,UPDATE,INSERT ON mytable TO GROUP todos;
    <para>
    If the <quote>Access privileges</> column is empty for a given object,
 it means the object has default privileges (that is, its privileges field
-is NULL).  Currently, default privileges are interpreted the same way
-for all object types: all privileges for the owner and no privileges for
-anyone else.  The first <command>GRANT</> on an object will instantiate
-this default (producing, for example, <literal>{=,miriam=arwdRxt}</>)
-and then modify it per the specified request.
+is NULL).  Currently, default privileges are interpreted as <quote>all
+privileges for the owner and no privileges for anyone else</quote>, except
+for databases: the default privilege settings for a database allow anyone
+to create temporary tables in it.  The first <command>GRANT</> or
+<command>REVOKE</> on an object
+will instantiate the default privileges (producing, for example,
+<literal>{=,miriam=arwdRxt}</>) and then modify them per the specified request.
    </para>
  </refsect1>