Re: Making a schema "read-only" (was Unexpected message in grant/revoke script) - Mailing list pgsql-general

From Tom Lane
Subject Re: Making a schema "read-only" (was Unexpected message in grant/revoke script)
Date
Msg-id 24460.1205524509@sss.pgh.pa.us
In response to Making a schema "read-only" (was Unexpected message in grant/revoke script)  ("Webb Sprague" <webb.sprague@gmail.com>)
Responses Re: Making a schema "read-only" (was Unexpected message in grant/revoke script)  ("Webb Sprague" <webb.sprague@gmail.com>)
List pgsql-general
"Webb Sprague" <webb.sprague@gmail.com> writes:
> Also, I revoked what I thought was everything possible on the public
> schema, but a user is still able to create a table in that schema --
> could someone explain:

> oregon=# revoke create on schema public from foobar cascade;
> REVOKE

You've got a conceptual error here: the above only does something if
you'd previously done an explicit "GRANT TO foobar".  You haven't,
so there's nothing to revoke.

The reason people can create stuff in public is that by default,
create on schema public is granted to PUBLIC, i.e., the world.

Start with
    revoke all on schema public from public
and then grant only what you want.

            regards, tom lane
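
The behaviour described in this message, as an added example that is not part of the original post: a psql session that checks where the CREATE privilege actually comes from before and after each REVOKE. It assumes a scratch database whose public schema still carries the default grant to PUBLIC (the default through PostgreSQL 14; newer releases no longer grant CREATE there), and that foobar is an ordinary role that is neither a superuser nor the schema owner.

```sql
-- Added example; run as the schema owner or a superuser in a scratch database.
-- Assumption: role foobar exists and has never been granted anything on schema public.

-- 1. Look at the schema's ACL. Each entry reads grantee=privileges/grantor.
--    An entry with an EMPTY grantee (it starts with "=") is the grant to PUBLIC;
--    U is USAGE and C is CREATE. foobar has no entry of its own.
SELECT nspname, nspacl
FROM pg_namespace
WHERE nspname = 'public';

-- 2. Ask for foobar's effective privileges. has_schema_privilege() includes
--    whatever the role picks up through PUBLIC, so it reports what the role
--    can really do, not just what was granted to it by name.
SELECT has_schema_privilege('foobar', 'public', 'CREATE') AS can_create,
       has_schema_privilege('foobar', 'public', 'USAGE')  AS can_use;

-- 3. The statement from the thread. It completes with REVOKE, but there is no
--    foobar entry in the ACL to remove, so repeating the check from step 2
--    gives the same answer as before.
REVOKE CREATE ON SCHEMA public FROM foobar CASCADE;
SELECT has_schema_privilege('foobar', 'public', 'CREATE') AS can_create;

-- 4. Remove the grant that is actually in effect, then add back only what is
--    wanted. Done in one transaction so no session sees the in-between state.
BEGIN;
REVOKE ALL ON SCHEMA public FROM PUBLIC;
GRANT USAGE ON SCHEMA public TO foobar;   -- may look up objects, may not create them
COMMIT;

-- 5. Verify: the PUBLIC entry is gone from nspacl, foobar now has its own
--    entry with U only, and the effective CREATE privilege has changed.
SELECT nspname, nspacl
FROM pg_namespace
WHERE nspname = 'public';
SELECT has_schema_privilege('foobar', 'public', 'CREATE') AS can_create,
       has_schema_privilege('foobar', 'public', 'USAGE')  AS can_use;

-- 6. Schema privileges and table privileges are separate. For a read-only
--    role, reading existing tables still needs an explicit table-level grant.
GRANT SELECT ON ALL TABLES IN SCHEMA public TO foobar;
```

Roles that are members of another role holding CREATE on the schema keep that privilege through membership, so the check in step 5 is worth repeating for every role that should be read-only.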
