> Terry Lee Tucker wrote:
> > On Wednesday 23 April 2008 06:46, Pascal Cohen wrote:
> >
> >> Hello
> >> I am playing with security in Postgres
> >> And I would like to have a database that can be managed by a given
user
> >> that could do almost anything but I would also have a user that can
> just
> >> handle what is created.
> >> I mean she could insert, update delete rows but not create tables.
> >>
> >> I did not find a way to revoke such thing. Is it possible ?
> >>
> >> Thanks!
> >>
> >
> > Have you looked at GRANT?
> > http://www.postgresql.org/docs/8.3/interactive/sql-grant.html
> >
> >
> Yes I did.
> In fact I looked at GRANT and REVOKE commands but I would like to
define
> that a role r cannot create a new table and I did not find the way to
do
> so.
> I can prevent him from inserting or updating in an existing table but
> not to create a new table
>
It is handled at the schema level. If a user doesn't have create on any
schemas, then the user can't create any tables.
"For schemas, allows new objects to be created within the schema. To
rename an existing object, you must own the object and have this
privilege for the containing schema."
You probably want to also "REVOKE ALL ON SCHEMA public FROM public;" so
users can't create objects in that schema.
Jon
