| From: | "Albe Laurenz" <laurenz(dot)albe(at)wien(dot)gv(dot)at> |
|---|---|
| To: | "Pascal Cohen *EXTERN*" <pcohen(at)wimba(dot)com>, <pgsql-general(at)postgresql(dot)org> |
| Subject: | Re: Deny creation of tables for a user |
| Date: | 2008-04-23 14:05:54 |
| Message-ID: | D960CB61B694CF459DCFB4B0128514C202043BFA@exadv11.host.magwien.gv.at |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
Pascal Cohen wrote:
> I am playing with security in Postgres
> And I would like to have a database that can be managed by a given user
> that could do almost anything but I would also have a user that can just
> handle what is created.
> I mean she could insert, update delete rows but not create tables.
>
> I did not find a way to revoke such thing. Is it possible ?
The concept of the privilege system is that each database object
determines what you can do with it (with an access control list).
The owner of a database object can do everything with it.
So I'd do it like this:
Owning user (owns schema "myschema"):
CREATE TABLE myschema.mytable (...);
GRANT USAGE ON SCHEMA myschema TO bibi;
GRANT INSERT, UPDATE, DELETE ON myschema.mytable TO bibi;
Now user "bibi" can du exactly what you want.
Yours,
Laurenz Albe
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2008-04-23 14:09:59 | Re: Qty of WAL files |
| Previous Message | Stephan Szabo | 2008-04-23 13:59:56 | Re: Updating with a subselect |