Skip site navigation (1) Skip section navigation (2)

Re: Revoke for a new role

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: "Milen A(dot) Radev" <milen(at)radev(dot)net>
Cc: "Rafael Domiciano" <rafael(dot)domiciano(at)gmail(dot)com>, pgsql-admin(at)postgresql(dot)org
Subject: Re: Revoke for a new role
Date: 2008-06-13 15:11:42
Message-ID: (view raw, whole thread or download thread mbox)
Lists: pgsql-admin
"Milen A. Radev" <milen(at)radev(dot)net> writes:
> Rafael Domiciano :
>> I need to create a role (Postgres user) that cannot drop or create table,
>> but can create TEMP tables. This role must do I, U and D normally.

> For a role to be able to create tables (and other objects) it should 
> have "CREATE" privilege on the _schema_ in question.

More specifically, what you're going to need to do is revoke "public"
create access on the public schema, and then selectively grant it to
everyone you want to have it.  There's no notion of "everyone but X
gets this privilege".

			regards, tom lane

In response to


pgsql-admin by date

Next:From: Rafael DomicianoDate: 2008-06-13 16:06:31
Subject: Re: Revoke for a new role
Previous:From: Milen A. RadevDate: 2008-06-13 14:05:06
Subject: Re: Revoke for a new role

Privacy Policy | About PostgreSQL
Copyright © 1996-2017 The PostgreSQL Global Development Group