| From: | "Roberts, Jon" <Jon(dot)Roberts(at)asurion(dot)com> |
|---|---|
| To: | "Pascal Cohen" <pcohen(at)wimba(dot)com>, <pgsql-general(at)postgresql(dot)org> |
| Subject: | Re: Deny creation of tables for a user |
| Date: | 2008-04-23 12:24:35 |
| Message-ID: | 1A6E6D554222284AB25ABE3229A92762E9A20B@nrtexcus702.int.asurion.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
> Terry Lee Tucker wrote:
> > On Wednesday 23 April 2008 06:46, Pascal Cohen wrote:
> >
> >> Hello
> >> I am playing with security in Postgres
> >> And I would like to have a database that can be managed by a given
user
> >> that could do almost anything but I would also have a user that can
> just
> >> handle what is created.
> >> I mean she could insert, update delete rows but not create tables.
> >>
> >> I did not find a way to revoke such thing. Is it possible ?
> >>
> >> Thanks!
> >>
> >
> > Have you looked at GRANT?
> > http://www.postgresql.org/docs/8.3/interactive/sql-grant.html
> >
> >
> Yes I did.
> In fact I looked at GRANT and REVOKE commands but I would like to
define
> that a role r cannot create a new table and I did not find the way to
do
> so.
> I can prevent him from inserting or updating in an existing table but
> not to create a new table
>
It is handled at the schema level. If a user doesn't have create on any
schemas, then the user can't create any tables.
"For schemas, allows new objects to be created within the schema. To
rename an existing object, you must own the object and have this
privilege for the containing schema."
You probably want to also "REVOKE ALL ON SCHEMA public FROM public;" so
users can't create objects in that schema.
Jon
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Ivan Sergio Borgonovo | 2008-04-23 12:34:38 | Re: Debian etch, backport postgresql 8.3 experiences? |
| Previous Message | Gregory Stark | 2008-04-23 12:12:02 | Re: Bitmap Heap Scan takes a lot of time |