RE: NOCREATETABLE patch (was: Re: Please, help!(about P ostgres))

That makes perfect sense to me. I was only going by what System
Privileges are granted to the Oracle roles of the same name. Oracle
has:

CONNECT -
ALTER SESSION
CREATE CLUSTER
CREATE DATABASE LINK
CREATE SEQUENCE
CREATE SESSION
CREATE SYNONYM
CREATE TABLE
CREATE VIEW

RESOURCE -
CREATE CLUSTER
CREATE PROCEDURE
CREATE SEQUENCE
CREATE TABLE
CREATE TRIGGER

DBA -
All systems privileges WITH ADMIN OPTION

But I agree with you. When I was first learning Oracle, I thought it
strange that the CONNECT role had anything more than CREATE/ALTER
SESSION privilege.

Mike Mascari
mascarm(at)mascari(dot)com

-----Original Message-----
From: Zeugswetter Andreas SB [SMTP:ZeugswetterA(at)wien(dot)spardat(dot)at]
Sent: Wednesday, May 09, 2001 3:20 AM
To: 'Bruce Momjian'; mascarm(at)mascari(dot)com
Cc: Karel Zak; pgsql-hackers
Subject: AW: [HACKERS] NOCREATETABLE patch (was: Re: Please,
help!(about P ostgres))

> > The connect group would be granted these System Privileges:

If we keep it like others (e.g. Informix) this System Privilege would
be called
"resource". I like this name better, because it more describes the
detailed
priviledges.

> >
> > CREATE AGGREGATE privilege
> > CREATE INDEX privilege
> > CREATE FUNCTION privilege
> > CREATE OPERATOR privilege
> > CREATE RULE privilege
> > CREATE SESSION privilege
> > CREATE SYNONYM privilege
> > CREATE TABLE privilege
> > CREATE TRIGGER privilege
> > CREATE TYPE privilege
> > CREATE VIEW privilege

The "connect" group would only have the priviledge to connect to the
db [and
create temp tables ?] and rights they where granted, or that were
granted to public.
They would not be allowed to create anything.

Andreas