Re: Define permissions at database level

Actually, I don't want table owners to drop the table using DROP command
directly. They have to use stored procedure to drop the table.

Thanks,
Dipti

On Thu, Feb 18, 2010 at 4:01 PM, Richard Huxton <dev(at)archonet(dot)com> wrote:

> On 18/02/10 10:23, dipti shah wrote:
>
>> Thanks Richard. That makes sense. If I want to restrict DROP for any table
>> then do I need to REVOKE permissions individually on tables.
>>
>> Revoke DROP ON MyTable from PUBLIC;
>>
>> I want to avoid doing it so I am wondering if I can define/grant the
>> permission at database level so that nousers can directly use any commands
>> like CREATE, UPDATE, ALTER or DROP. They have to use stored procedure.
>> They
>> can only use SELECT. Nothing else.
>>
>
> Only table owners can drop them.
>
> You can deny permission to a whole schema, but not set permissions on
> everything in it in one go. However there are various shell-scripts and
> plpgsql functions that let you set permissions on groups of tables in one
> go. They should show up easily enough through googling.
>
> --
> Richard Huxton
> Archonet Ltd
>