This wasn't encountered in my original patch because pg_tablespace_aclmask() had this test reasonably early on:
+ if(tbloid == DEFAULTTBLSPC) + return (mask);
I guess that might have been a bit presumptuous but a similar thing happens if you don't specify a tablespace:
tablespaceId = get_namespace_tablespace(namespaceId); /* note no permission check on tablespace in this case */
What should the solution be?
Seems to me that the solution is that the inital pg_default tablespace should be create with USAGE rights to PUBLIC at initdb time. Then a superuser can always revoke the CREATE right if they like.
All the CREATE and ALTER commands that specify tablespaces should actually check that they are allowed to create in pg_default rather than just assume.
That way, an admin can force users to NOT use the default tablespace if they wish, even though the users have CREATE table rights on the schema.
Chris
---------------------------(end of broadcast)--------------------------- TIP 6: Have you searched our list archives?
http://archives.postgresql.org
