Postgres Pro
Downloads
Home   >   mailing lists

Re: Revoke for a new role - Mailing list pgsql-admin

From Kevin Grittner
Subject Re: Revoke for a new role
Date
Msg-id 485A5758.EE98.0025.0@wicourts.gov
Whole thread Raw
In response to Re: Revoke for a new role  ("Rafael Domiciano" <rafael.domiciano@gmail.com>)
List pgsql-admin
Tree view 
>>> On Fri, Jun 13, 2008 at 11:06 AM, in message
<3a0028490806130906i553f9588g810b2d19d95a91a1@mail.gmail.com>, "Rafael
Domiciano" <rafael.domiciano@gmail.com> wrote:
> So, there is no manner to define that the user can't do create or
drop
> objects, but can create temp tables?

What we normally do is something like this.

create user dbowner password 'ownerpasswd';
create user db password 'normalpasswd';
create user dbviewer password 'viewerpasswd';
create database db with owner dbowner;
\c db
revoke create on database db from public;
revoke create on schema public from public;
grant create on schema public to dbowner;
set role dbowner;
<create objects>

Then we limit access to the given database to the appropriate users in
the pg_hba.conf file.  The owner grants the desired rights to each
user.

I hope this helps.

-Kevin

pgsql-admin by date:

Previous
From: "Peter Kovacs"
Date:
Subject: Re: Readline support in psql -- worked earlier for me
Next
From: Tom Lane
Date:
Subject: Re: Readline support in psql -- worked earlier for me