On Fri, 22 Oct 2004, Joe Maldonado wrote:
> Scott Marlowe wrote:
>
> >On Thu, 2004-10-21 at 10:49, Joe Maldonado wrote:
> >
> >
> >>Scott Marlowe wrote:
> >>
> >>
> >>
> >>>On Wed, 2004-10-20 at 08:17, Joe Maldonado wrote:
> >>>
> >>>
> >>>
> >>>
> >>>>Hello all,
> >>>> I have created users for which I have restricted access to SELECT
> >>>>
> >>>>
> >>>>from a set of tables, this works :)
> >>>
> >>>
> >>>> But when I issue a REVOKE CREATE ON DATABASE mydb FROM myuser;
> >>>>The user can still create tables...I've also issued this command for the
> >>>>SCHEMA and still no go.
> >>>>
> >>>>Is this a known problem, if so how can I restrict users from creating
> >>>>objects in my db?
> >>>>
> >>>>
> >>>>
> >>>>
> >>>Is myuser a superuser? If so, you can revoke all you want and he'll
> >>>still be able to do anything he wants. Also, I think that if myuser
> >>>owns the current database he can always create tables in it.
> >>>
> >>>
> >>>
> >>>
> >>>
> >>>
> >>myuser is not a superuser. is the public schema special in that you
> >>cannot revoke create privileges from users accessing it?
> >>
> >>
> >
> >Is myuser the creator of the database in question?
> >
> >
> >---------------------------(end of broadcast)---------------------------
> >TIP 6: Have you searched our list archives?
> >
> > http://archives.postgresql.org
> >
> >
> Nope.
I think Tom said this, but myuser probably doesn't have permission on the
schema, it's probably getting the PUBLIC ("world") permission. You might
need to revoke create on schema public from public; and then grant rights
to users or groups that you want to give permissions to.
