am new to postgres,
am trying to work out whats going on with security.
it seams that by default the system is wide open because when I create a new database every user can see it and seams to have full control.
how do I stop this from happening so that nobody other than postgre has access to it until a grant is issued ?
2
Answers
pg_default_acl
contains the existing defailt privileges that determines what is granted to users by default when they create new objects like databases, schemas, tables etc.This will get you all your current default privileges that exist, if you need to change this such that you are restricting access to the new users, you need to alter this.
So, if you want to revoke all privileges for all users on new schema you do something like this.
Or, if you want to remove certain privileges, then you can use something like –
This will revoke the create privilege from the public role.
Or, let’s say you want to grant some specific access to certain users, then you use the grant function –
This way, poeple with explicit permissions will only have access to the database.
You can restrict access to new databases by modifying the PostgreSQL pg_hba.conf file to limit access to specific roles or IP addresses. Additionally, use the REVOKE command to remove public access to new databases until explicit grants are provided.