| From: | Ron Johnson <ron(dot)l(dot)johnson(at)cox(dot)net> |
|---|---|
| To: | pgsql-general(at)lists(dot)postgresql(dot)org |
| Subject: | Re: Ability to create tables |
| Date: | 2018-03-10 00:10:47 |
| Message-ID: | 32d6785b-a92d-b1f7-a72d-8790892ce259@cox.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On 03/09/2018 05:46 PM, Tom Lane wrote:
> Ron Johnson <ron(dot)l(dot)johnson(at)cox(dot)net> writes:
>> Even though I revoked the CREATE priv on role ABCREADONLY, it's still able
>> to create tables. What can I do to prevent this?
>> $ psql -c 'revoke create on database "ABC123" from "ABCREADONLY";'
> That revokes the ability to create new schemas within that database
> (which I suspect the role did not have anyway). What you need is
> to remove its ability to create objects within the public schema
> within that database. By default, that ability is granted to PUBLIC,
> so that "revoke create on schema public from "ABCREADONLY";" won't
> help either. What you have to do is "revoke create on schema public
> from public", and then grant it back to just the roles that should have
> it.
>
> If you don't want the role creating temp tables either, you need to
> revoke its TEMP right on the database (which *is* a database-level
> privilege). Again, this'll involve disallowing that to PUBLIC,
> since that default grant is how it's getting the privilege.
Thanks.
--
Angular momentum makes the world go 'round.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Sherman Willden | 2018-03-10 00:25:41 | Need followup setup instructions to postgresql-10.3-1-linux-x64.run |
| Previous Message | Tom Lane | 2018-03-09 23:46:15 | Re: Ability to create tables |