# HG changeset patch
# User Tom Gottfried <tom@intevation.de>
# Date 1533140174 -7200
# Node ID 10b93a8ee057481260db763efe287223d45da9d3
# Parent  0745b4d336c41fdf3897db2390d0b6a36c7e3be8
Lock out the PUBLIC more rigorously

diff -r 0745b4d336c4 -r 10b93a8ee057 schema/auth.sql
--- a/schema/auth.sql	Wed Aug 01 17:35:12 2018 +0200
+++ b/schema/auth.sql	Wed Aug 01 18:16:14 2018 +0200
@@ -5,12 +5,12 @@
 --
 
 -- We do not want any users to be able to create any objects
-REVOKE CREATE ON SCHEMA public FROM PUBLIC;
+REVOKE ALL ON SCHEMA public FROM PUBLIC;
 
 --
 -- Privileges for waterway_user
 --
-GRANT USAGE ON SCHEMA users, waterway TO waterway_user;
+GRANT USAGE ON SCHEMA public, users, waterway TO waterway_user;
 GRANT SELECT ON ALL TABLES IN SCHEMA public, users, waterway TO waterway_user;
 
 --