patternsqlMajor
PostgreSQL - Who or what is the "PUBLIC" role?
Viewed 0 times
postgresqlthewhatpublicwhorole
Problem
I was looking at
=> Who or what is the
information_schema.role_table_grants when I saw public in grantee column, then I've checked at information_schema.enabled_roles but this role_name does not exist.=> Who or what is the
public role?Solution
While this is true it is not the full picture.
Public also acts as an implicit role that other roles belong to and that has its own permissions not always reflected and reported that get inherited.
By default it gives create permission on the public schema. when you don't remove this all the other correct steps to create a read only user results in that user also being able to create new objects in the public schema and then due to ownership put data in them. To prevent this
Similarly it also gives permission on database level, to remove use
Good article here: https://wiki.postgresql.org/images/d/d1/Managing_rights_in_postgresql.pdf
Public also acts as an implicit role that other roles belong to and that has its own permissions not always reflected and reported that get inherited.
By default it gives create permission on the public schema. when you don't remove this all the other correct steps to create a read only user results in that user also being able to create new objects in the public schema and then due to ownership put data in them. To prevent this
REVOKE ALL ON SCHEMA public FROM PUBLIC;Similarly it also gives permission on database level, to remove use
REVOKE ALL ON DATABASE all_database FROM PUBLIC;Good article here: https://wiki.postgresql.org/images/d/d1/Managing_rights_in_postgresql.pdf
Code Snippets
REVOKE ALL ON SCHEMA public FROM PUBLIC;REVOKE ALL ON DATABASE all_database FROM PUBLIC;Context
StackExchange Database Administrators Q#108975, answer score: 21
Revisions (0)
No revisions yet.