Re: REVOKE not working...

From: Joe Maldonado <jmaldonado(at)webehosting(dot)biz>
To: Stephan Szabo <sszabo(at)megazone(dot)bigpanda(dot)com>
Cc: Scott Marlowe <smarlowe(at)qwest(dot)net>, pgsql-admin(at)postgresql(dot)org
Subject: Re: REVOKE not working...
Date: 2004-10-22 14:51:14
Message-ID: 41791E62.6010102@webehosting.biz
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-admin

Stephan Szabo wrote:

>On Fri, 22 Oct 2004, Joe Maldonado wrote:
>
>
>
>>Scott Marlowe wrote:
>>
>>
>>
>>>On Thu, 2004-10-21 at 10:49, Joe Maldonado wrote:
>>>
>>>
>>>
>>>
>>>>Scott Marlowe wrote:
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>>On Wed, 2004-10-20 at 08:17, Joe Maldonado wrote:
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>>Hello all,
>>>>>> I have created users for which I have restricted access to SELECT
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>from a set of tables, this works :)
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>> But when I issue a REVOKE CREATE ON DATABASE mydb FROM myuser;
>>>>>>The user can still create tables...I've also issued this command for the
>>>>>>SCHEMA and still no go.
>>>>>>
>>>>>>Is this a known problem, if so how can I restrict users from creating
>>>>>>objects in my db?
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>Is myuser a superuser? If so, you can revoke all you want and he'll
>>>>>still be able to do anything he wants. Also, I think that if myuser
>>>>>owns the current database he can always create tables in it.
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>myuser is not a superuser. is the public schema special in that you
>>>>cannot revoke create privileges from users accessing it?
>>>>
>>>>
>>>>
>>>>
>>>Is myuser the creator of the database in question?
>>>
>>>
>>>---------------------------(end of broadcast)---------------------------
>>>TIP 6: Have you searched our list archives?
>>>
>>> http://archives.postgresql.org
>>>
>>>
>>>
>>>
>>Nope.
>>
>>
>
>I think Tom said this, but myuser probably doesn't have permission on the
>schema, it's probably getting the PUBLIC ("world") permission. You might
>need to revoke create on schema public from public; and then grant rights
>to users or groups that you want to give permissions to.
>
>---------------------------(end of broadcast)---------------------------
>TIP 8: explain analyze is your friend
>
>
Thanks !!! that did it.

-Joe

In response to

Browse pgsql-admin by date

  From Date Subject
Next Message Doug Y 2004-10-22 15:04:04 RPM vs. Compile benefits?
Previous Message Tom Lane 2004-10-22 14:04:55 Re: indexes are not working for