Albe Laurenz wrote:
> Pascal Cohen wrote:
>
>> I am playing with security in Postgres
>> And I would like to have a database that can be managed by a given user
>> that could do almost anything but I would also have a user that can just
>> handle what is created.
>> I mean she could insert, update delete rows but not create tables.
>>
>> I did not find a way to revoke such thing. Is it possible ?
>>
>
> The concept of the privilege system is that each database object
> determines what you can do with it (with an access control list).
>
> The owner of a database object can do everything with it.
>
> So I'd do it like this:
>
> Owning user (owns schema "myschema"):
>
> CREATE TABLE myschema.mytable (...);
> GRANT USAGE ON SCHEMA myschema TO bibi;
> GRANT INSERT, UPDATE, DELETE ON myschema.mytable TO bibi;
>
> Now user "bibi" can du exactly what you want.
>
> Yours,
> Laurenz Albe
>
>
Thanks all for your help.
Your examples + re-reading the documentation made things clear to my mind.
Thanks again!
