From: | "Sander Steffann" <sander(at)steffann(dot)nl> |
---|---|
To: | <pgsql-hackers(at)postgreSQL(dot)org>, "Tom Lane" <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
Subject: | Re: Schema (namespace) privilege details |
Date: | 2002-04-18 23:33:59 |
Message-ID: | 00cd01c1e731$84f58060$64c8a8c0@balefire10ww |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
Hi Tom,
> One of the things I'd like this mechanism to do is answer the request
> we've heard so often about preventing users from creating new tables.
> If the DBA revokes write access on the public namespace from a particular
> user, and doesn't create a personal schema for that user, then under this
> proposal that user would have noplace to create tables --- except TEMP
> tables in his temp schema. Is that sufficient, or do the folks who want
> this also want a way to prevent TEMP table creation?
I can't think of a reason that temp tables should be prevented. Being able
to prevent a user from creating permanent objects is good IMHO.
> Another thing that would be needed to prevent users from creating new
> tables is to prevent them from creating schemas for themselves. I am not
> sure how to handle that --- should the right to create schemas be treated
> as a user property (a column of pg_shadow), or should it be attached
> somehow to the database (and if the latter, how)?
Connecting this right to a database sounds like the right thing to do. (ISP
case: allow a user to do with his database whatever he wants, as long as he
stays away from other databases) But I don't know a good way to do it...
> Should the owner of a database (assume he's not a superuser) have the
> right to drop any schema in his database, even if he doesn't own it?
> I can see arguments either way on that one.
I think that if he owns it, he should be able to control it... Someone
owning a database should be responsible enough to manage it.
I hope these comments can help you,
Sander.
From | Date | Subject | |
---|---|---|---|
Next Message | Rod Taylor | 2002-04-18 23:34:06 | Re: Schema (namespace) privilege details |
Previous Message | Tom Lane | 2002-04-18 23:14:05 | Schema (namespace) privilege details |