Re: How to revoke "Create Privilege" from a readonly user in postgres?

From: Rui DeSousa <rui(at)crazybean(dot)net>
To: pavan95 <pavan(dot)postgresdba(at)gmail(dot)com>
Cc: pgsql-admin(at)postgresql(dot)org
Subject: Re: How to revoke "Create Privilege" from a readonly user in postgres?
Date: 2018-11-07 12:08:52
Message-ID: B71F44B3-023E-41A4-9B38-FEB4417F546C@crazybean.net
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-admin

First I don’t know what I was thinking… I think this only change the default for the current use… not all users; I just never use this form.

alter default privileges in schema readonly grant select on tables to readonly;

> On Nov 7, 2018, at 2:08 AM, pavan95 <pavan(dot)postgresdba(at)gmail(dot)com> wrote:
>
> Rui,
>
> Thanks for responding. I'm perfectly alright with this approach. But can we
> do the same in "PUBLIC" schema??
>

Yeah; but why I think it already defaults to that; like I said before you should drop the public schema and not use it.

The other option is to revoke from the public role on the public schema.

I normally create a schema owner user that owns the objects and is only use for creating objects. Then I alter it default privileges to grant what ever access the application needs and other user role needs, etc. It’s always better to be granular if you development model supports it instead of sweeping rules.

In response to

Browse pgsql-admin by date

  From Date Subject
Next Message Mark Steben 2018-11-07 14:08:58 Re: Another streaming replication question
Previous Message Achilleas Mantzios 2018-11-07 10:33:56 Re: PostgreSQL 10.5 : Strange pg_wal fill-up, solved with the shutdown checkpoint