Re: Anyone can create tables!

From: "Richard Huxton" <dev(at)archonet(dot)com>
To: "Dan McGrath" <dmcgrath19(at)home(dot)com>, "Tom Lane" <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: <pgsql-general(at)postgresql(dot)org>
Subject: Re: Anyone can create tables!
Date: 2001-03-11 21:25:44
Message-ID: 007d01c0aa75$05ddee60$1001a8c0@archonet.com
Lists: pgsql-general

From: "Tom Lane" <tgl(at)sss(dot)pgh(dot)pa(dot)us>

> Dan McGrath <dmcgrath19(at)home(dot)com> writes:
> > Any user with access to a database on my system that isn't the
> > owner still has the ability to create tables (and possibly functions,
> > views etc.) with no apparent limits. Is this a design flaw or a bug or
> > perhaps just something you guys haven't got around to fixing yet?
>
> There is no concept of database-level privileges in Postgres, other than
> the right to connect to a DB in the first place (which is recorded and
> enforced completely outside the database system itself).

I'm guessing there's a Good Reason (TM) why setting permissions on pg_class
et al doesn't seem to work.

I can see how it might screw temporary tables (and views?) etc. but I
couldn't seem to get perms to work at all the other day (I was playing).

Failing that, is Dan's talk of triggers (other branch of this thread)
plausible? Some disgusting hack to the client libraries to disable CREATE...
and ALTER TABLE?

- Richard Huxton
