| From: | "Milen A(dot) Radev" <milen(at)radev(dot)net> |
|---|---|
| To: | pgsql-admin(at)postgresql(dot)org |
| Subject: | Re: select only user |
| Date: | 2008-01-17 15:24:02 |
| Message-ID: | fmnrui$6pq$1@ger.gmane.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-admin |
Milen A. Radev написа:
> Jessica Richard написа:
>> I created a user and granted only "select" to this user so that this
>> user can only select the tables on a production system. But by
>> default, this user can also CREATE TABLE successfully....
>>
>> How can I revoke this "create table" privilege (and possible others)
>> and limit this user to only the permissions granted by me?
>>
>
> Revoke the "create" privilege on the "public" schema (or any other
> schema you've created) from 'public' (that's special "role"). Also
> revoke the "create" privilege on the database(s) in question from the
> same special role 'public' to prevent creation of new schemas.
>
> More here - http://www.postgresql.org/docs/current/static/sql-grant.html.
Almost forgot - there is another way if the role in question would be
read-only:
ALTER USER username SET default_transaction_read_only to true;
(http://archives.postgresql.org/pgsql-admin/2007-10/msg00101.php)
--
Milen A. Radev
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Jerome Blomart | 2008-01-17 17:43:27 | pgsql and net-snmp |
| Previous Message | Milen A. Radev | 2008-01-17 15:15:30 | Re: select only user |