"Tony Webb" <amw@sanger.ac.uk> writes:
> Thanks Tom,
> I think I'm still doing something wrong.
> As a superuser I run:
> #revoke create on schema public from public;
> REVOKE
> As the read only user straight after running the above:
> create table barney2(col1 integer);
> CREATE TABLE
It works for me:
regression=# create user ro;
CREATE ROLE
regression=# \c - ro
You are now connected to database "regression" as user "ro".
regression=> create table t1 (f1 int);
CREATE TABLE
[ in another session, as superuser ]
regression=# revoke create on schema public from public;
REVOKE
[ back to first session ]
regression=> create table t2 (f1 int);
ERROR: permission denied for schema public
Are you sure you revoked the privilege in the same database the read
only user is working in?
> What should I try next? Presumably the privilege is being inherited from
> another role?
Not unless you manually set things up that way.
regards, tom lane