Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1t1pci-000d4c-0k for pgsql-general@arkaria.postgresql.org; Fri, 18 Oct 2024 16:14:44 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.94.2) (envelope-from ) id 1t1pcg-006t1g-0U for pgsql-general@arkaria.postgresql.org; Fri, 18 Oct 2024 16:14:42 +0000 Received: from makus.postgresql.org ([2001:4800:3e1:1::229]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1t1pcf-006t1X-LB for pgsql-general@lists.postgresql.org; Fri, 18 Oct 2024 16:14:42 +0000 Received: from fout-a1-smtp.messagingengine.com ([103.168.172.144]) by makus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1t1pcZ-001Yul-0l for pgsql-general@lists.postgresql.org; Fri, 18 Oct 2024 16:14:40 +0000 Received: from phl-compute-11.internal (phl-compute-11.phl.internal [10.202.2.51]) by mailfout.phl.internal (Postfix) with ESMTP id 511D1138039C; Fri, 18 Oct 2024 12:14:34 -0400 (EDT) Received: from phl-mailfrontend-02 ([10.202.2.163]) by phl-compute-11.internal (MEProxy); Fri, 18 Oct 2024 12:14:34 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=aklaver.com; h= cc:content-transfer-encoding:content-type:content-type:date:date :from:from:in-reply-to:in-reply-to:message-id:mime-version :references:reply-to:subject:subject:to:to; s=fm1; t=1729268074; x=1729354474; bh=JTPgQke+gRbYXt46ialsYZeJ/IpRMNj3y4O98+U8PYA=; b= uOn6N3tJ8O6YjH2wN+QGXtuHenoqwebxnf28AJ+4Uc5xqt42S7hNKKOtde0TWB2p YCqOAzm17Pu72TRPPi8tKtkMMHVEGDKDTibbZVcRq0JwQ6b26sr3EoS3uSvsWgQz unNvKzJbWmYPi+st5npfxwzgFyN1cEiTlpgXnCn5pjWFnuhZiEmfqlPDgwo2rzwr /h4gCXMPk3G28Kai+DC/V3qtJMdvc5qCLpEYZDm9fgCgaBSgxBmmEWH1hqaanFpC BR3auObnjsVM1tb0EM3f/6YAskiIqlYbfRw6IRwygkY+Jh5sfZoCDPIbbD/1+uja 9AHrCmrj5enul5rHTJZ/Aw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:content-type :content-type:date:date:feedback-id:feedback-id:from:from :in-reply-to:in-reply-to:message-id:mime-version:references :reply-to:subject:subject:to:to:x-me-proxy:x-me-proxy :x-me-sender:x-me-sender:x-sasl-enc; s=fm2; t=1729268074; x= 1729354474; bh=JTPgQke+gRbYXt46ialsYZeJ/IpRMNj3y4O98+U8PYA=; b=Y IDBjvSN29IjCMIgW0VM3UPjfLwZic3xIna86IS9m9qoHwGjbqHF2xlxQaPn7h8VV M/B58vfONyDESJt2wlO4gqxUn18YKCe+JBWk0u7gAGF/Ky5/SsqyR2ul905vvM4A 7VrxoiAOA9pyKmo4z7GbwsEvKe7ZwPDsgWBfUJDPFZo8+5y+Ge0oUam2ZjNEaOYs WwrdqWMkb7uRs3fA03Mb0oY21z3hdotT2r0BN+2NjdDmmGgv7UyeK4l0WUoT+BmL DX/S8SVPB0vnWvBiwHNtsydxpgHBlSpZLjj1da43Qn2IF+es7U5NttxNR7lzwGai ft3LZRm54bn9wWM8KvMiA== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeeftddrvdehfedgleeiucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdggtfgfnhhsuhgsshgtrhhisggvpdfu rfetoffkrfgpnffqhgenuceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnh htshculddquddttddmnecujfgurhepkfffgggfuffvfhfhjggtgfesthejredttddvjeen ucfhrhhomheptegurhhirghnucfmlhgrvhgvrhcuoegrughrihgrnhdrkhhlrghvvghrse grkhhlrghvvghrrdgtohhmqeenucggtffrrghtthgvrhhnpeekfeehuddvjeeigfeifeej tdduudffledvfeelheeftdeiffeugfdvkeelgedtvdenucffohhmrghinhepphhoshhtgh hrvghsqhhlrdhorhhgnecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehmrghi lhhfrhhomheprggurhhirghnrdhklhgrvhgvrhesrghklhgrvhgvrhdrtghomhdpnhgspg hrtghpthhtohepvddpmhhouggvpehsmhhtphhouhhtpdhrtghpthhtohepshhrvggvkhgr nhhtrghrvgguugihudeksehgmhgrihhlrdgtohhmpdhrtghpthhtohepphhgshhqlhdqgh gvnhgvrhgrlheslhhishhtshdrphhoshhtghhrvghsqhhlrdhorhhg X-ME-Proxy: Feedback-ID: i76984098:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA; Fri, 18 Oct 2024 12:14:33 -0400 (EDT) Message-ID: <671802a8-95b0-4af1-ad43-2e131057a89a@aklaver.com> Date: Fri, 18 Oct 2024 09:14:32 -0700 MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: Permissions for Newly Created User To: sreekanta reddy , pgsql-general@lists.postgresql.org References: Content-Language: en-US From: Adrian Klaver In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk On 10/18/24 03:11, sreekanta reddy wrote: > > Dear PostgreSQL Support Team, > > I would also like to suggest an enhancement to the default behavior for > newly created users in PostgreSQL. > > *Observed Issue: > *User Created: testdb > Command used: CREATE USER testdb WITH PASSWORD 'dhsfjobodjjbsdj'; > After creating the user testdb, I observed that the user could still > view objects, schemas, and their structures, as well as system tables > and views, which contradicts the intended restricted permissions. What restrictions? The user has what is specified here: https://www.postgresql.org/docs/current/ddl-priv.html Pay particular attention to what is granted to the PUBLIC role. If you want the role to have less privilges that what the defaults are then you will need to explicitly revoke them. -- Adrian Klaver adrian.klaver@aklaver.com