Re: REVOKE CREATE does not work on default tablespace

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Zdenek Kotala <Zdenek(dot)Kotala(at)Sun(dot)COM>
Cc: pgsql-bugs(at)postgresql(dot)org
Subject: Re: REVOKE CREATE does not work on default tablespace
Date: 2007-06-25 17:59:44
Message-ID: 1831.1182794384@sss.pgh.pa.us
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-bugs

Zdenek Kotala <Zdenek(dot)Kotala(at)Sun(dot)COM> writes:
> Tom Lane wrote:
>> It's presumed that the right to create tables within a database entails
>> the right to create them someplace; hence no permissions check is made
>> on the database's default tablespace. Without that, not only does plain
>> CREATE TABLE fail (including CREATE TEMP TABLE), but any query complex
>> enough to require a temporary file would fail as well. So you'd pretty
>> much have to grant rights on the tablespace to every user of the database
>> anyway.

> If only temporary objects are problem I think better solution is to create
> pg_temp tablespace which will be used as default for temporary data

Why are you so eager to make CREATE TABLE fail? (If you really want to
do that there are other ways, for instance revoking create privilege
within the DB.)

Once you've created a database with a given tablespace as default, the
only way to make it stop using the tablespace is to drop the whole DB;
there are no half measures because you can't move the system catalogs
(particularly not pg_class). So I'm not seeing the point of enforcing
tablespace usage against users of the database rather than at the time
of DB creation.

regards, tom lane

In response to

Responses

Browse pgsql-bugs by date

  From Date Subject
Next Message Toru SHIMOGAKI 2007-06-26 10:59:11 BUG #3413: character string or multibyte character to "char"
Previous Message Zdenek Kotala 2007-06-25 16:52:09 Re: REVOKE CREATE does not work on default tablespace