| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | "Roberts, Jon" <Jon(dot)Roberts(at)asurion(dot)com> |
| Cc: | "Pascal Cohen" <pcohen(at)wimba(dot)com>, pgsql-general(at)postgresql(dot)org |
| Subject: | Re: Deny creation of tables for a user |
| Date: | 2008-04-23 15:00:30 |
| Message-ID: | 10790.1208962830@sss.pgh.pa.us |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
"Roberts, Jon" <Jon(dot)Roberts(at)asurion(dot)com> writes:
> You probably want to also "REVOKE ALL ON SCHEMA public FROM public;" so
> users can't create objects in that schema.
More like REVOKE CREATE ..., unless your intent is also to deny access
to existing stuff in the public schema.
You'd also want to make sure the user doesn't have CREATE privilege
on the database, lest he create his own schema and then make tables
within that. (This is off by default, though.)
Lastly, if you don't want him creating even temp tables, you'd need to
revoke TEMP privilege on the database from public.
Having revoked all these privileges from public, you'd need to grant 'em
back to whichever individual users should have them.
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Gabor Siklos | 2008-04-23 15:03:43 | Best backup setup |
| Previous Message | Leandro Casadei | 2008-04-23 14:38:03 | Re: Updating with a subselect |