Re: Privileges question

Thanks Kevin,

That worked, head not quite so sore now ;¬).

If I wanted to set this as a default for all new databases and users how/where do I alter/create a schema other than public?

Regards,

Sandy Spence
Department of Computer Science
Aberystwyth University
Penglais Campus
Llandinam Building
Aberystwyth
Ceredigion
SY23 3DB
Tel: 01970-622433
Fax: 01970-628536

-----Original Message-----
From: pgsql-admin-owner(at)postgresql(dot)org [mailto:pgsql-admin-owner(at)postgresql(dot)org] On Behalf Of Kevin Grittner
Sent: 18 October 2011 17:27
To: Alexander James Spence [axs]; 'pgsql-admin(at)postgresql(dot)org'
Subject: Re: [ADMIN] Privileges question

"Alexander James Spence [axs]" <axs(at)aber(dot)ac(dot)uk> wrote:

> will have to create around 200+ users and user databases for
> student project use. I have tried all sorts of GRANT and REVOKE
> combinations but for the life of me cannot stop other users from
> creating tables in a database that is not their own.

test=# create user xxx;
CREATE ROLE
test=# create database xxx owner xxx;
CREATE DATABASE
test=# \c xxx
You are now connected to database "xxx" as user "kgrittn".
xxx=# revoke create on database xxx from public;
REVOKE
xxx=# revoke create on schema public from public;
REVOKE
xxx=# grant create on schema public to xxx;
GRANT

You might also want to limit connection rights in pg_hba.conf

-Kevin