
I am trying to add an audit trigger for a table in a DB. I found an example on GitHub, but I don't understand why the author uses this construction after creating the schema and table:

CREATE SCHEMA audit;
REVOKE ALL ON SCHEMA audit FROM public;

And for table:

REVOKE ALL ON audit.logged_actions FROM public;

What is the aim of using REVOKE?

2 Answers


  1. Revoke removes access permissions to an object.

    It means that only specific users to whom you grant permission can access the audit schema / logged_actions table.

    "The key word PUBLIC refers to the implicitly defined group of all roles."

  2. The REVOKE is pointless, because the default permissions on a new schema only allow the owner (the user that ran CREATE SCHEMA) to use it. See the documentation:

    No privileges are granted to PUBLIC by default on tables, table columns, sequences, foreign data wrappers, foreign servers, large objects, schemas, tablespaces, or configuration parameters.

    I can only assume that the REVOKE is a safety measure, in case the user who runs CREATE SCHEMA has changed the default privileges as follows:

    ALTER DEFAULT PRIVILEGES GRANT ... ON SCHEMAS TO PUBLIC;
    
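The scenario from the second answer can be checked directly. The script below is an added example, not part of either answer or of the GitHub project the question refers to; it assumes PostgreSQL 10 or later (needed for ALTER DEFAULT PRIVILEGES ... ON SCHEMAS) and uses a scratch schema name, audit_demo, chosen here for illustration.

```sql
-- Added example. Everything runs inside one transaction and is rolled back,
-- so neither the scratch schema nor the changed default privileges persist.
BEGIN;

-- Step 1: stock defaults. Ask whether the PUBLIC pseudo-role holds
-- anything on a freshly created schema.
CREATE SCHEMA audit_demo;
SELECT has_schema_privilege('public', 'audit_demo', 'USAGE')  AS public_usage,
       has_schema_privilege('public', 'audit_demo', 'CREATE') AS public_create;
DROP SCHEMA audit_demo;

-- Step 2: the case the answer describes. The creating role has altered its
-- own default privileges, so new schemas and tables are opened to PUBLIC.
ALTER DEFAULT PRIVILEGES GRANT USAGE ON SCHEMAS TO PUBLIC;
ALTER DEFAULT PRIVILEGES GRANT SELECT ON TABLES TO PUBLIC;

-- Defaults recorded for roles in this database; a row here is the sign
-- that CREATE may hand out more than the documented defaults.
SELECT defaclrole::regrole AS role, defaclobjtype, defaclacl
FROM pg_default_acl;

CREATE SCHEMA audit_demo;
CREATE TABLE audit_demo.logged_actions (
    event_id bigserial PRIMARY KEY,
    action   text NOT NULL
);

-- Same check as step 1, now under the altered defaults.
SELECT has_schema_privilege('public', 'audit_demo', 'USAGE') AS public_usage,
       has_table_privilege('public', 'audit_demo.logged_actions', 'SELECT')
           AS public_select;

-- Step 3: the explicit REVOKE from the audit script, applied to the
-- scratch objects, followed by the same check once more.
REVOKE ALL ON SCHEMA audit_demo FROM public;
REVOKE ALL ON audit_demo.logged_actions FROM public;

SELECT has_schema_privilege('public', 'audit_demo', 'USAGE') AS public_usage,
       has_table_privilege('public', 'audit_demo.logged_actions', 'SELECT')
           AS public_select;

-- Raw ACLs left on the objects after the REVOKE.
SELECT nspname, nspacl FROM pg_namespace WHERE nspname = 'audit_demo';
SELECT relname, relacl FROM pg_class
WHERE oid = 'audit_demo.logged_actions'::regclass;

ROLLBACK;
```

Comparing the three result sets shows whether the REVOKE changed anything for the role that ran the script.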