Re: Roles and security

nikhil raj wrote:
> Currently my company is shifting from MS SQL to postgres
>
> check the roles of user I want to give user roles only select, insert, update, execute and create database to all users Permission
>
>
> The users should not have these permission
> drop database , delete table permission

If you want to allow a user (or role) CREATE DATABASE, give them the
CREATEDB privilege with ALTER ROLE.

If you mean "schema" when you say "database", give them the CREATE
privilege on the database instead.

SELECT, INSERT, UPDATE and EXECUTE are granted on individual objects,
not in general.

You can, however, use ALTER DEFUALT PRIVILEGES to automatically grant
privieges on any new object created.

Note that by default, everybody (the special role PUBLIC) has EXECUTE
privilege on all functions.

Only superusers and object owners are allowed DROP and ALTER on objects,
and there is no way to prevent that.

Yours,
Laurenz Albe