Re: REVOKE not working...

Stephan Szabo wrote:

>On Fri, 22 Oct 2004, Joe Maldonado wrote:
>
>
>
>>Scott Marlowe wrote:
>>
>>
>>
>>>On Thu, 2004-10-21 at 10:49, Joe Maldonado wrote:
>>>
>>>
>>>
>>>
>>>>Scott Marlowe wrote:
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>>On Wed, 2004-10-20 at 08:17, Joe Maldonado wrote:
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>>Hello all,
>>>>>> I have created users for which I have restricted access to SELECT
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>from a set of tables, this works :)
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>> But when I issue a REVOKE CREATE ON DATABASE mydb FROM myuser;
>>>>>>The user can still create tables...I've also issued this command for the
>>>>>>SCHEMA and still no go.
>>>>>>
>>>>>>Is this a known problem, if so how can I restrict users from creating
>>>>>>objects in my db?
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>Is myuser a superuser? If so, you can revoke all you want and he'll
>>>>>still be able to do anything he wants. Also, I think that if myuser
>>>>>owns the current database he can always create tables in it.
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>myuser is not a superuser. is the public schema special in that you
>>>>cannot revoke create privileges from users accessing it?
>>>>
>>>>
>>>>
>>>>
>>>Is myuser the creator of the database in question?
>>>
>>>
>>>---------------------------(end of broadcast)---------------------------
>>>TIP 6: Have you searched our list archives?
>>>
>>> http://archives.postgresql.org
>>>
>>>
>>>
>>>
>>Nope.
>>
>>
>
>I think Tom said this, but myuser probably doesn't have permission on the
>schema, it's probably getting the PUBLIC ("world") permission. You might
>need to revoke create on schema public from public; and then grant rights
>to users or groups that you want to give permissions to.
>
>---------------------------(end of broadcast)---------------------------
>TIP 8: explain analyze is your friend
>
>
Thanks !!! that did it.

-Joe