Arrange for the default permissions on a database to allow temp table

creation to world, but disallow temp table creation in template1. Per latest round of pghackers discussion. I did not force initdb, but the permissions lockdown on template1 will not take effect unless you do one (or manually REVOKE TEMP ON DATABASE template1 FROM public).
2025-07-30 11:03:19 +03:00 · 2002-09-03 22:17:35 +00:00
parent c7d07b5a45
commit d61de58906
4 changed files with 27 additions and 12 deletions
--- a/doc/src/sgml/ref/grant.sgml
+++ b/doc/src/sgml/ref/grant.sgml
@ -1,5 +1,5 @@
 <!--
-$Header: /cvsroot/pgsql/doc/src/sgml/ref/grant.sgml,v 1.28 2002/08/12 20:02:09 petere Exp $
+$Header: /cvsroot/pgsql/doc/src/sgml/ref/grant.sgml,v 1.29 2002/09/03 22:17:34 tgl Exp $
 PostgreSQL documentation
 -->

@ -292,11 +292,13 @@ GRANT SELECT,UPDATE,INSERT ON mytable TO GROUP todos;
   <para>
   If the <quote>Access privileges</> column is empty for a given object,
 it means the object has default privileges (that is, its privileges field
-is NULL).  Currently, default privileges are interpreted the same way
-for all object types: all privileges for the owner and no privileges for
-anyone else.  The first <command>GRANT</> on an object will instantiate
-this default (producing, for example, <literal>{=,miriam=arwdRxt}</>)
-and then modify it per the specified request.
+is NULL).  Currently, default privileges are interpreted as <quote>all
+privileges for the owner and no privileges for anyone else</quote>, except
+for databases: the default privilege settings for a database allow anyone
+to create temporary tables in it.  The first <command>GRANT</> or
+<command>REVOKE</> on an object
+will instantiate the default privileges (producing, for example,
+<literal>{=,miriam=arwdRxt}</>) and then modify them per the specified request.
   </para>
 </refsect1>