From d61de58906249e8fb8e44d1ef454d029325526a3 Mon Sep 17 00:00:00 2001 From: Tom Lane Date: Tue, 3 Sep 2002 22:17:35 +0000 Subject: Arrange for the default permissions on a database to allow temp table creation to world, but disallow temp table creation in template1. Per latest round of pghackers discussion. I did not force initdb, but the permissions lockdown on template1 will not take effect unless you do one (or manually REVOKE TEMP ON DATABASE template1 FROM public). --- doc/src/sgml/ref/grant.sgml | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) (limited to 'doc/src') diff --git a/doc/src/sgml/ref/grant.sgml b/doc/src/sgml/ref/grant.sgml index 4ed7e6d2cc7..5d5c2940142 100644 --- a/doc/src/sgml/ref/grant.sgml +++ b/doc/src/sgml/ref/grant.sgml @@ -1,5 +1,5 @@ @@ -292,11 +292,13 @@ GRANT SELECT,UPDATE,INSERT ON mytable TO GROUP todos; If the Access privileges column is empty for a given object, it means the object has default privileges (that is, its privileges field -is NULL). Currently, default privileges are interpreted the same way -for all object types: all privileges for the owner and no privileges for -anyone else. The first GRANT on an object will instantiate -this default (producing, for example, {=,miriam=arwdRxt}) -and then modify it per the specified request. +is NULL). Currently, default privileges are interpreted as all +privileges for the owner and no privileges for anyone else, except +for databases: the default privilege settings for a database allow anyone +to create temporary tables in it. The first GRANT or +REVOKE on an object +will instantiate the default privileges (producing, for example, +{=,miriam=arwdRxt}) and then modify them per the specified request. -- cgit v1.2.3