Skip site navigation (1) Skip section navigation (2)

Re: Revoke for a new role

From: "Rafael Domiciano" <rafael(dot)domiciano(at)gmail(dot)com>
To: "Tom Lane" <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: "Milen A(dot) Radev" <milen(at)radev(dot)net>, pgsql-admin(at)postgresql(dot)org
Subject: Re: Revoke for a new role
Date: 2008-06-13 16:06:31
Message-ID: (view raw, whole thread or download thread mbox)
Lists: pgsql-admin
So, there is no manner to define that the user can't do create or drop
objects, but can create temp tables?
I have to do it manually?

I have been reading about a patch that increment the CREATE ROLE clausule,
This patch is what I need... someone had already hear some about?

2008/6/13 Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>:

> "Milen A. Radev" <milen(at)radev(dot)net> writes:
> > Rafael Domiciano написа:
> >> I need to create a role (Postgres user) that cannot drop or create
> table,
> >> but can create TEMP tables. This role must do I, U and D normally.
> > For a role to be able to create tables (and other objects) it should
> > have "CREATE" privilege on the _schema_ in question.
> More specifically, what you're going to need to do is revoke "public"
> create access on the public schema, and then selectively grant it to
> everyone you want to have it.  There's no notion of "everyone but X
> gets this privilege".
>                        regards, tom lane

In response to


pgsql-admin by date

Next:From: NOW Web Sites ManagerDate: 2008-06-13 16:41:20
Subject: block error, but can't pg_dump
Previous:From: Tom LaneDate: 2008-06-13 15:11:42
Subject: Re: Revoke for a new role

Privacy Policy | About PostgreSQL
Copyright © 1996-2018 The PostgreSQL Global Development Group