| From: | "Rafael Domiciano" <rafael(dot)domiciano(at)gmail(dot)com> |
|---|---|
| To: | "Tom Lane" <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | "Milen A(dot) Radev" <milen(at)radev(dot)net>, pgsql-admin(at)postgresql(dot)org |
| Subject: | Re: Revoke for a new role |
| Date: | 2008-06-13 16:06:31 |
| Message-ID: | 3a0028490806130906i553f9588g810b2d19d95a91a1@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-admin |
So, there is no manner to define that the user can't do create or drop
objects, but can create temp tables?
I have to do it manually?
I have been reading about a patch that increment the CREATE ROLE clausule,
called "PATCH NOCREATETABLE"...
This patch is what I need... someone had already hear some about?
2008/6/13 Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>:
> "Milen A. Radev" <milen(at)radev(dot)net> writes:
> > Rafael Domiciano написа:
> >> I need to create a role (Postgres user) that cannot drop or create
> table,
> >> but can create TEMP tables. This role must do I, U and D normally.
>
> > For a role to be able to create tables (and other objects) it should
> > have "CREATE" privilege on the _schema_ in question.
>
> More specifically, what you're going to need to do is revoke "public"
> create access on the public schema, and then selectively grant it to
> everyone you want to have it. There's no notion of "everyone but X
> gets this privilege".
>
> regards, tom lane
>
| From | Date | Subject | |
|---|---|---|---|
| Next Message | NOW Web Sites Manager | 2008-06-13 16:41:20 | block error, but can't pg_dump |
| Previous Message | Tom Lane | 2008-06-13 15:11:42 | Re: Revoke for a new role |