Re: Revoke for a new role

From: "Kevin Grittner" <Kevin(dot)Grittner(at)wicourts(dot)gov>
To: "Rafael Domiciano" <rafael(dot)domiciano(at)gmail(dot)com>,"Tom Lane" <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: <pgsql-admin(at)postgresql(dot)org>,"Milen A(dot) Radev" <milen(at)radev(dot)net>
Subject: Re: Revoke for a new role
Date: 2008-06-19 17:56:51
Message-ID: 485A5758.EE98.0025.0@wicourts.gov
Lists: pgsql-admin
>>> On Fri, Jun 13, 2008 at 11:06 AM, in message
<3a0028490806130906i553f9588g810b2d19d95a91a1(at)mail(dot)gmail(dot)com>, "Rafael
Domiciano" <rafael(dot)domiciano(at)gmail(dot)com> wrote: 
> So, there is no manner to define that the user can't do create or drop
> objects, but can create temp tables?
 
What we normally do is something like this.
 
create user dbowner password 'ownerpasswd';
create user db password 'normalpasswd';
create user dbviewer password 'viewerpasswd';
create database db with owner dbowner;
\c db
revoke create on database db from public;
revoke create on schema public from public;
grant create on schema public to dbowner;
set role dbowner;
<create objects>
 
Then we limit access to the given database to the appropriate users in
the pg_hba.conf file.  The owner grants the desired rights to each
user.
 
I hope this helps.
 
-Kevin
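
A way to check the result of the setup in the message above and to have the owner hand out rights, as an added example that is not part of the original message. The role and database names are the ones from the script; the table `account`, the temp table `scratch` and the specific grants are assumptions made for illustration.

```sql
-- Run in psql as a superuser, connected to database "db", after the
-- script from the message has been executed.

-- 1. Audit the effective privileges of each role. The goal of the setup is
--    that "db" and "dbviewer" hold no CREATE privilege, while TEMP (granted
--    to PUBLIC on every database by default) is still available to them.
SELECT r.rolname,
       has_database_privilege(r.rolname, 'db', 'CREATE')   AS db_create,
       has_database_privilege(r.rolname, 'db', 'TEMP')     AS db_temp,
       has_schema_privilege(r.rolname, 'public', 'CREATE') AS schema_create,
       has_schema_privilege(r.rolname, 'public', 'USAGE')  AS schema_usage
FROM pg_roles r
WHERE r.rolname IN ('dbowner', 'db', 'dbviewer')
ORDER BY r.rolname;

-- 2. The owner creates the objects and grants only what each user needs.
SET ROLE dbowner;
CREATE TABLE account (              -- hypothetical table, not from the message
    id   integer PRIMARY KEY,
    name text NOT NULL
);
GRANT SELECT, INSERT, UPDATE, DELETE ON account TO db;
GRANT SELECT ON account TO dbviewer;
RESET ROLE;

-- 3. Audit the table-level rights that were just granted.
SELECT r.rolname,
       has_table_privilege(r.rolname, 'account', 'SELECT') AS can_select,
       has_table_privilege(r.rolname, 'account', 'INSERT') AS can_insert,
       has_table_privilege(r.rolname, 'account', 'DELETE') AS can_delete
FROM pg_roles r
WHERE r.rolname IN ('db', 'dbviewer')
ORDER BY r.rolname;

-- 4. Act as the ordinary user: a temp table is allowed through the TEMP
--    privilege on the database, with no CREATE right on schema public.
SET ROLE db;
CREATE TEMP TABLE scratch AS SELECT * FROM account;
-- A permanent table (CREATE TABLE ... in schema public) or DROP TABLE account
-- is refused for this role: it lacks CREATE on the schema and does not own
-- the table.
RESET ROLE;
```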
