All,
> In any case, using permissions is a somewhat leaky bandaid, since
> superusers have overriding access privileges anyway. A better way to do
> what the OP wants might be to have a view trigger that raises an exception.
I think it would be better to supply a script which revoked write
permissions from all views from all users, and distribute it with
PostgreSQL. I think that's doable as a DO $$ script.
If I wrote something like that, where would we drop it?
The fact that it won't revoke permissions from superusers isn't a real
problem, IMNSHO. If anyone is relying on superusers not being able to
do something, they're in for pain in several other areas.
--
Josh Berkus
PostgreSQL Experts Inc.
http://pgexperts.com