| From: | Zdenek Kotala <Zdenek(dot)Kotala(at)Sun(dot)COM> |
|---|---|
| To: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | pgsql-bugs(at)postgresql(dot)org |
| Subject: | Re: REVOKE CREATE does not work on default tablespace |
| Date: | 2007-06-25 16:52:09 |
| Message-ID: | 467FF2B9.8050305@sun.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-bugs |
Tom Lane wrote:
> Zdenek Kotala <Zdenek(dot)Kotala(at)Sun(dot)COM> writes:
>> Tom Lane wrote:
>>> Zdenek Kotala <Zdenek(dot)Kotala(at)Sun(dot)COM> writes:
>>>> It seems that we not able to revoke create privilege on default tablespace.
>>> This is intentional.
>
>> I don't understand why.
>
> It's presumed that the right to create tables within a database entails
> the right to create them someplace; hence no permissions check is made
> on the database's default tablespace. Without that, not only does plain
> CREATE TABLE fail (including CREATE TEMP TABLE), but any query complex
> enough to require a temporary file would fail as well. So you'd pretty
> much have to grant rights on the tablespace to every user of the database
> anyway.
If only temporary objects are problem I think better solution is to create
pg_temp tablespace which will be used as default for temporary data (if
temp_tablespaces is not set) and this table space will have create rights for
everyone. It should be stored in separate directory (e.g. data/pg_temp).
Maybe add temp flag to tablespace should make sense - It will mean that only
temporary object can be created in this tablespace.
Zdenek
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2007-06-25 17:59:44 | Re: REVOKE CREATE does not work on default tablespace |
| Previous Message | Tom Lane | 2007-06-25 16:16:17 | Re: REVOKE CREATE does not work on default tablespace |