Home > mailing lists

Re: How do I revoke CREATE TABLE and other privileges? - Mailing list pgsql-general

From	Michael Fuhr
Subject	Re: How do I revoke CREATE TABLE and other privileges?
Date	July 5, 2006 23:23:40
Msg-id	20060705232327.GA30373@winnie.fuhr.org Whole thread Raw
In response to	How do I revoke CREATE TABLE and other privileges? ("Karen Hill" <karen_hill22@yahoo.com>)
Responses	Re: How do I revoke CREATE TABLE and other privileges? ("Karen Hill" <karen_hill22@yahoo.com>)
List	pgsql-general

Tree view

On Wed, Jul 05, 2006 at 02:27:19PM -0700, Karen Hill wrote:
> I would like for one role to be able to login, and execute a couple of
> functions and nothing else.  I've tried to revoke access to CREATE on
> the database, schema, and tablespace but when I tested it, the user was
> still allowed to create tables.

From the REVOKE documentation:

    Note that any particular role will have the sum of privileges
    granted directly to it, privileges granted to any role it is
    presently a member of, and privileges granted to PUBLIC.

If PUBLIC still has privileges on the objects then the role still
has privileges, even if you've attempted to revoke them.  You'll
probably need to alter the privileges that PUBLIC has, which might
also require altering other roles' privileges to compensate.

--
Michael Fuhr

pgsql-general by date:

From: Bjørn T Johansen
Date: 05 July 2006, 21:41:45
Subject: Re: Help making a plpgsql function?

From: Chris
Date: 06 July 2006, 00:11:53
Subject: Re: RES: Phantom groups

Re: How do I revoke CREATE TABLE and other privileges? - Mailing list pgsql-general

Previous

Next