Home > mailing lists

Re: Deny creation of tables for a user - Mailing list pgsql-general

From	Tom Lane
Subject	Re: Deny creation of tables for a user
Date	April 23, 2008 15:00:42
Msg-id	10790.1208962830@sss.pgh.pa.us Whole thread Raw
In response to	Re: Deny creation of tables for a user ("Roberts, Jon" <Jon.Roberts@asurion.com>)
List	pgsql-general

Tree view

"Roberts, Jon" <Jon.Roberts@asurion.com> writes:
> You probably want to also "REVOKE ALL ON SCHEMA public FROM public;" so
> users can't create objects in that schema.

More like REVOKE CREATE ..., unless your intent is also to deny access
to existing stuff in the public schema.

You'd also want to make sure the user doesn't have CREATE privilege
on the database, lest he create his own schema and then make tables
within that.  (This is off by default, though.)

Lastly, if you don't want him creating even temp tables, you'd need to
revoke TEMP privilege on the database from public.

Having revoked all these privileges from public, you'd need to grant 'em
back to whichever individual users should have them.

            regards, tom lane

pgsql-general by date:

From: Tom Lane
Date: 23 April 2008, 14:35:44
Subject: Re: tsearch2 problem

From: "Gabor Siklos"
Date: 23 April 2008, 15:14:42
Subject: Backup setup

Re: Deny creation of tables for a user - Mailing list pgsql-general

Previous

Next