| From: | Rui DeSousa <rui(at)crazybean(dot)net> |
|---|---|
| To: | pavan95 <pavan(dot)postgresdba(at)gmail(dot)com> |
| Cc: | pgsql-admin(at)postgresql(dot)org |
| Subject: | Re: How to revoke "Create Privilege" from a readonly user in postgres? |
| Date: | 2018-11-07 12:08:52 |
| Message-ID: | B71F44B3-023E-41A4-9B38-FEB4417F546C@crazybean.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-admin |
First I don’t know what I was thinking… I think this only change the default for the current use… not all users; I just never use this form.
alter default privileges in schema readonly grant select on tables to readonly;
> On Nov 7, 2018, at 2:08 AM, pavan95 <pavan(dot)postgresdba(at)gmail(dot)com> wrote:
>
> Rui,
>
> Thanks for responding. I'm perfectly alright with this approach. But can we
> do the same in "PUBLIC" schema??
>
Yeah; but why I think it already defaults to that; like I said before you should drop the public schema and not use it.
The other option is to revoke from the public role on the public schema.
I normally create a schema owner user that owns the objects and is only use for creating objects. Then I alter it default privileges to grant what ever access the application needs and other user role needs, etc. It’s always better to be granular if you development model supports it instead of sweeping rules.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Mark Steben | 2018-11-07 14:08:58 | Re: Another streaming replication question |
| Previous Message | Achilleas Mantzios | 2018-11-07 10:33:56 | Re: PostgreSQL 10.5 : Strange pg_wal fill-up, solved with the shutdown checkpoint |