Tom Lane wrote:
> Zdenek Kotala <Zdenek.Kotala@Sun.COM> writes:
>> Tom Lane wrote:
>>> Zdenek Kotala <Zdenek.Kotala@Sun.COM> writes:
>>>> It seems that we not able to revoke create privilege on default tablespace.
>>> This is intentional.
>
>> I don't understand why.
>
> It's presumed that the right to create tables within a database entails
> the right to create them someplace; hence no permissions check is made
> on the database's default tablespace. Without that, not only does plain
> CREATE TABLE fail (including CREATE TEMP TABLE), but any query complex
> enough to require a temporary file would fail as well. So you'd pretty
> much have to grant rights on the tablespace to every user of the database
> anyway.
If only temporary objects are problem I think better solution is to create
pg_temp tablespace which will be used as default for temporary data (if
temp_tablespaces is not set) and this table space will have create rights for
everyone. It should be stored in separate directory (e.g. data/pg_temp).
Maybe add temp flag to tablespace should make sense - It will mean that only
temporary object can be created in this tablespace.
Zdenek
