PostgreSQL default access privileges

By default, PostgreSQL users—also known as roles with the login option—can access the public schema. Additionally, note that the default PostgreSQL authentication policy allows users to access all databases from the localhost using peer authentication on a Linux system. Users can create database objects -tables, views, functions and so on- in the public schema of any database that they can access by default. Finally, the user can alter some settings regarding sessions such as work_mem.

The user cannot access other user objects in the public schema or create databases and schemas. However, the user can sniff data about the database objects by querying the system catalog. Unprivileged users can get information about other users, table structure, table owner, some table statistics, and so on.

The following example shows how the user test_user is able to get information about a table, which is owned by a postgres user; to simulate this situation, let's create a test database as follows:

psql -U postgres -c 'CREATE ROLE test_user LOGIN;';
psql -U postgres -c 'CREATE DATABASE test;';
psql -U postgres -d test -c'CREATE TABLE test_permissions(id serial , name text);'

The user test_user does not have permissions to the table itself, but he has permissions to access the system catalog; to see this, connect to the database using test_user:

test=# SET ROLE test_user;
SET
test=> d
 List of relations
 Schema | Name | Type | Owner 
--------+-------------------------+----------+----------
 public | test_permissions | table | postgres
 public | test_permissions_id_seq | sequence | postgres
(2 rows)
test=> du 
                                   List of roles
 Role name | Attributes | Member of 
-----------+------------------------------------------------------------+-----------
 postgres | Superuser, Create role, Create DB, Replication, Bypass RLS | {}
 test_user | | {}

The user can also access functions that are created in the public schema by other users as long as this function does not access objects that the user cannot access.

For mistrusted languages, such as plpythonu, the user cannot create functions unless he/she is a superuser. If anyone who is not a superuser tries to create a function using C language or plpythonu, an error will be raised. 

To prevent the user from accessing the public schema, the public schema privileges should be revoked, as follows:

test=# SELECT session_user;
 session_user 
--------------
 postgres
(1 row)
test=# REVOKE ALL PRIVILEGES ON SCHEMA PUBLIC FROM public;
REVOKE
test=# SET ROLE test_user;
SET
test=> CREATE TABLE b();
ERROR: no schema has been selected to create in
LINE 1: create table b();
The user test_user has explicit privileges on the public schema; the user inherits these privileges from the public role.

For views, the view owner cannot execute a view unless he/she has permission to access the base tables used in the view.

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset